ProcessFlow

udurrani

INFO





ProcessFuncParam
PAYLOAD.exeLoad ImageC:\Users\xxx\Desktop\PAYLOAD.exe
PAYLOAD.exeLoad ImageC:\Windows\System32\ntdll.dll
PAYLOAD.exeCreateFileC:\Windows\Prefetch\PAYLOAD.EXE-8D180F7C.pf
PAYLOAD.exeCreateFileC:\Users\xxx\Desktop
PAYLOAD.exeLoad ImageC:\Windows\System32\kernel32.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\KernelBase.dll
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\SafeBoot\Option
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\SafeBoot\Option
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Srp\GP\DLL
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Srp\GP\DLL
PAYLOAD.exeRegOpenKeyHKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers
PAYLOAD.exeRegOpenKeyHKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
PAYLOAD.exeLoad ImageC:\Windows\System32\user32.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\gdi32.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\lpk.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\usp10.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\msvcrt.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\shell32.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\shlwapi.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\ole32.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\rpcrt4.dll
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
PAYLOAD.exeCreateFileC:\Users\xxx\Desktop\PAYLOAD.exe.Local
PAYLOAD.exeCreateFileC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4
PAYLOAD.exeQueryBasicInformationFileC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4
PAYLOAD.exeCloseFileC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4
PAYLOAD.exeCreateFileC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4
PAYLOAD.exeCreateFileC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4\GdiPlus.dll
PAYLOAD.exeQueryBasicInformationFileC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4\GdiPlus.dll
PAYLOAD.exeCloseFileC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4\GdiPlus.dll
PAYLOAD.exeCreateFileC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4\GdiPlus.dll
PAYLOAD.exeCreateFileMappingC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4\GdiPlus.dll
PAYLOAD.exeCreateFileMappingC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4\GdiPlus.dll
PAYLOAD.exeLoad ImageC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4\GdiPlus.dll
PAYLOAD.exeCloseFileC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4\GdiPlus.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\ws2_32.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\nsi.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\psapi.dll
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Session Manager
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Session Manager
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\Control\SESSION MANAGER\SafeDllSearchMode
PAYLOAD.exeCreateFileC:\Windows\System32\imm32.dll
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\imm32.dll
PAYLOAD.exeCloseFileC:\Windows\System32\imm32.dll
PAYLOAD.exeCreateFileC:\Windows\System32\imm32.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\imm32.dll
PAYLOAD.exeQueryStandardInformationFileC:\Windows\System32\imm32.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\imm32.dll
PAYLOAD.exeCloseFileC:\Windows\System32\imm32.dll
PAYLOAD.exeCreateFileC:\Windows\System32\imm32.dll
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\imm32.dll
PAYLOAD.exeCloseFileC:\Windows\System32\imm32.dll
PAYLOAD.exeCreateFileC:\Windows\System32\imm32.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\imm32.dll
PAYLOAD.exeQueryStandardInformationFileC:\Windows\System32\imm32.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\imm32.dll
PAYLOAD.exeCloseFileC:\Windows\System32\imm32.dll
PAYLOAD.exeCreateFileC:\Windows\System32\imm32.dll
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\imm32.dll
PAYLOAD.exeCloseFileC:\Windows\System32\imm32.dll
PAYLOAD.exeCreateFileC:\Windows\System32\imm32.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\imm32.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\imm32.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\imm32.dll
PAYLOAD.exeCloseFileC:\Windows\System32\imm32.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\msctf.dll
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Error Message Instrument\
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Error Message Instrument
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\PAYLOAD
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\OLE
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\OLE
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\OLE
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\OLE
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\OLE\Tracing
PAYLOAD.exeQueryNameInformationFileC:\Users\xxx\Desktop\PAYLOAD.exe
PAYLOAD.exeQueryNameInformationFileC:\Users\xxx\Desktop\PAYLOAD.exe
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
PAYLOAD.exeRegQueryKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Category
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Name
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParentFolder
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Description
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\RelativePath
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParsingName
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InfoTip
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalizedName
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Icon
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Security
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResource
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResourceType
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalRedirectOnly
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Roamable
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PreCreate
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Stream
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PublishExpandedPath
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Attributes
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\FolderTypeID
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InitFolderHandler
PAYLOAD.exeRegQueryKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PropertyBag
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}
PAYLOAD.exeLoad ImageC:\Windows\System32\advapi32.dll
PAYLOAD.exeCreateFileC:\Windows\System32\sechost.dll
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\sechost.dll
PAYLOAD.exeCloseFileC:\Windows\System32\sechost.dll
PAYLOAD.exeCreateFileC:\Windows\System32\sechost.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\sechost.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\sechost.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\sechost.dll
PAYLOAD.exeCloseFileC:\Windows\System32\sechost.dll
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
PAYLOAD.exeRegOpenKeyHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
PAYLOAD.exeRegQueryKeyHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
PAYLOAD.exeRegOpenKeyHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
PAYLOAD.exeRegQueryKeyHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
PAYLOAD.exeRegOpenKeyHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
PAYLOAD.exeRegCloseKeyHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
PAYLOAD.exeRegOpenKeyHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
PAYLOAD.exeRegQueryValueHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Nls\CustomLocale
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Nls\CustomLocale
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-US
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\Control\Nls\CustomLocale
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-US
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale
PAYLOAD.exeCreateFileC:\Windows\Globalization\Sorting\SortDefault.nls
PAYLOAD.exeCreateFileMappingC:\Windows\Globalization\Sorting\SortDefault.nls
PAYLOAD.exeQueryStandardInformationFileC:\Windows\Globalization\Sorting\SortDefault.nls
PAYLOAD.exeCreateFileMappingC:\Windows\Globalization\Sorting\SortDefault.nls
PAYLOAD.exeCloseFileC:\Windows\Globalization\Sorting\SortDefault.nls
PAYLOAD.exeRegCloseKeyHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\Control\WMI\Security\f7b697a3-4db5-4d3b-be71-c4d284e6592f
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.pr
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\40441019.pr
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\40441019.pr
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\Desktop\CRYPTBASE.dll
PAYLOAD.exeCreateFileC:\Windows\System32\cryptbase.dll
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\cryptbase.dll
PAYLOAD.exeCloseFileC:\Windows\System32\cryptbase.dll
PAYLOAD.exeCreateFileC:\Windows\System32\cryptbase.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cryptbase.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cryptbase.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\cryptbase.dll
PAYLOAD.exeCloseFileC:\Windows\System32\cryptbase.dll
PAYLOAD.exeRegOpenKeyHKLM\Software\Policies\Microsoft\SQMClient\Windows
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\SQMClient\Windows
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\SQMClient\Windows
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Ws2_32NumHandleBuckets
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeCreateFileC:\Windows\System32\mswsock.dll
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\mswsock.dll
PAYLOAD.exeCloseFileC:\Windows\System32\mswsock.dll
PAYLOAD.exeCreateFileC:\Windows\System32\mswsock.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\mswsock.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\mswsock.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\mswsock.dll
PAYLOAD.exeCloseFileC:\Windows\System32\mswsock.dll
PAYLOAD.exeRegOpenKeyHKLM\Software\Policies\Microsoft\SQMClient\Windows
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\SQMClient\Windows
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\SQMClient\Windows
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:58469 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:58469 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:58470 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:58470 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:58471 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:58471 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:58472 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:58472 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:58473 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:58473 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeSetRenameInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeSetRenameInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:58474 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:58474 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:58475 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:58475 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61093 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61093 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61094 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61094 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61095 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61095 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61096 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61096 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61097 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61097 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61098 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61098 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61099 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61099 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61100 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61100 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61101 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61101 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61102 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61102 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61103 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61103 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61104 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61104 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61105 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61105 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61106 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61106 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61107 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61107 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61108 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61108 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61109 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61109 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61110 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61110 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeSetRenameInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeSetRenameInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61111 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61111 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61112 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61112 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61113 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61113 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61114 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61114 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61115 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61115 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61116 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61116 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61117 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61117 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61118 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61118 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61119 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61119 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61120 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61120 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61121 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61121 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61122 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61122 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61123 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61123 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61124 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61124 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61125 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61125 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61126 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61126 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61127 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61127 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61128 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61128 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61129 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61129 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61130 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61130 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61131 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61131 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61132 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61132 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61133 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61133 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61134 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61134 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61135 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61135 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61136 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61136 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61137 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61137 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61138 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61138 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61139 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61139 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61140 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61140 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61141 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61141 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61142 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61142 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61143 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61143 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61144 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61144 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61145 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61145 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61146 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61146 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61147 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61147 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61148 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61148 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61149 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61149 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61150 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61150 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61151 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61151 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61152 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61152 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61153 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61153 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61154 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61154 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61155 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61155 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61156 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61156 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61157 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61157 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
PAYLOAD.exeRegQueryKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Category
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Name
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParentFolder
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Description
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\RelativePath
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParsingName
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InfoTip
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalizedName
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Icon
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Security
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResource
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResourceType
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalRedirectOnly
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Roamable
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PreCreate
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Stream
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PublishExpandedPath
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Attributes
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\FolderTypeID
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InitFolderHandler
PAYLOAD.exeRegQueryKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}
PAYLOAD.exeCreateFileC:\Windows\System32
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32
PAYLOAD.exeCloseFileC:\Windows\System32
PAYLOAD.exeCreateFileC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cmd.exe
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
PAYLOAD.exeQuerySecurityFileC:\Windows\System32\cmd.exe
PAYLOAD.exeQueryNameInformationFileC:\Windows\System32\cmd.exe
PAYLOAD.exeProcess CreateC:\Windows\system32\cmd.exe
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\SafeBoot\Option
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\SafeBoot\Option
PAYLOAD.exeRegOpenKeyHKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\AuthenticodeEnabled
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers
PAYLOAD.exeRegOpenKeyHKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\SafeBoot\Option
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\SafeBoot\Option
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility
PAYLOAD.exeRegOpenKeyHKLM\Software\Policies\Microsoft\Windows\AppCompat
PAYLOAD.exeQuerySecurityFileC:\Windows\System32\cmd.exe
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\cmd.exe
PAYLOAD.exeRegOpenKeyHKCU\Software\Microsoft\Windows NT\CurrentVersion
PAYLOAD.exeRegOpenKeyHKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisableLocalOverride
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide
PAYLOAD.exeRegOpenKeyHKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration
PAYLOAD.exeRegOpenKeyHKLM\Software\Policies\Microsoft\MUI\Settings
PAYLOAD.exeRegOpenKeyHKCU\Software\Policies\Microsoft\Control Panel\Desktop
PAYLOAD.exeRegOpenKeyHKCU\Control Panel\Desktop\LanguageConfiguration
PAYLOAD.exeRegEnumValueHKCU\Control Panel\Desktop\LanguageConfiguration
PAYLOAD.exeRegCloseKeyHKCU\Control Panel\Desktop\LanguageConfiguration
PAYLOAD.exeRegOpenKeyHKLM\Software\Policies\Microsoft\MUI\Settings
PAYLOAD.exeRegOpenKeyHKCU\Software\Policies\Microsoft\Control Panel\Desktop
PAYLOAD.exeRegOpenKeyHKCU\Control Panel\Desktop
PAYLOAD.exeRegQueryValueHKCU\Control Panel\Desktop\PreferredUILanguages
PAYLOAD.exeRegCloseKeyHKCU\Control Panel\Desktop
PAYLOAD.exeRegOpenKeyHKLM\Software\Policies\Microsoft\MUI\Settings
PAYLOAD.exeRegOpenKeyHKCU\Control Panel\Desktop\MuiCached
PAYLOAD.exeRegQueryValueHKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages
PAYLOAD.exeRegQueryValueHKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages
PAYLOAD.exeRegCloseKeyHKCU\Control Panel\Desktop\MuiCached
PAYLOAD.exeCreateFileC:\Windows\System32\apphelp.dll
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\apphelp.dll
PAYLOAD.exeCloseFileC:\Windows\System32\apphelp.dll
PAYLOAD.exeCreateFileC:\Windows\System32\apphelp.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\apphelp.dll
PAYLOAD.exeCreateFileMappingC:\Windows\System32\apphelp.dll
PAYLOAD.exeLoad ImageC:\Windows\System32\apphelp.dll
PAYLOAD.exeCloseFileC:\Windows\System32\apphelp.dll
PAYLOAD.exeCloseFileC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61158 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61158 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61159 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61159 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61160 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61160 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61161 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61161 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61162 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61162 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61163 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61163 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61164 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61164 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61165 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61165 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61166 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61166 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61167 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61167 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61168 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61168 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61169 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61169 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61170 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61170 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61171 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61171 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61172 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61172 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61173 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61173 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61174 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61174 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61175 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61175 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61176 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61176 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cmd.exe
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
PAYLOAD.exeQuerySecurityFileC:\Windows\System32\cmd.exe
PAYLOAD.exeQueryNameInformationFileC:\Windows\System32\cmd.exe
PAYLOAD.exeProcess CreateC:\Windows\system32\cmd.exe
PAYLOAD.exeQuerySecurityFileC:\Windows\System32\cmd.exe
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\cmd.exe
PAYLOAD.exeRegOpenKeyHKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide
PAYLOAD.exeCloseFileC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\af5e80b3-eddf-493e-8d98-24d902afd761.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\af5e80b3-eddf-493e-8d98-24d902afd761.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\af5e80b3-eddf-493e-8d98-24d902afd761.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\af5e80b3-eddf-493e-8d98-24d902afd761.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\af5e80b3-eddf-493e-8d98-24d902afd761.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\af5e80b3-eddf-493e-8d98-24d902afd761.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\af5e80b3-eddf-493e-8d98-24d902afd761.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\af5e80b3-eddf-493e-8d98-24d902afd761.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeQueryInformationVolumeC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeQueryAllInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeQueryStandardInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\af5e80b3-eddf-493e-8d98-24d902afd761.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\50A2B7D53A5640E1BF937A84A0AC6455
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61177 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61177 -> google-public-dns-a.google.com:domain
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\af5e80b3-eddf-493e-8d98-24d902afd761.txt
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\af5e80b3-eddf-493e-8d98-24d902afd761.txt
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\af5e80b3-eddf-493e-8d98-24d902afd761.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\af5e80b3-eddf-493e-8d98-24d902afd761.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\WinSock2\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\367F83B0
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\00000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\00000022
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\WinSock2\Parameters
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Parameters
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Parameters\Transports
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Parameters
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\Mapping
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegQueryKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers\Tcpip
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Winsock\Setup Migration\Providers
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegOpenKeyHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MinSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
PAYLOAD.exeRegQueryValueHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock\HelperDllName
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCreateFileMappingC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeLoad ImageC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeCloseFileC:\Windows\System32\WSHTCPIP.DLL
PAYLOAD.exeRegCloseKeyHKLM\System\CurrentControlSet\services\Tcpip\Parameters\Winsock
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61178 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61179 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61180 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61181 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61182 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61183 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61182 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61184 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61185 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61184 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61186 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61187 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61188 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61186 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61189 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61190 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61189 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61191 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61192 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61193 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61178 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61192 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61194 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61195 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61179 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61196 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61194 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61197 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61180 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61198 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61181 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61197 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61199 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61183 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61199 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61200 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61185 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61200 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61201 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61187 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61188 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61201 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61202 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61190 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61202 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61203 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61191 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61203 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61204 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61193 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61195 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61204 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61205 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61205 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61206 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61198 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61206 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61207 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61207 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61208 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61208 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61209 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61209 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61210 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61210 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61211 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61211 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61212 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61196 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61212 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61213 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61213 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61214 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61214 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61215 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61215 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61216 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61216 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61217 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61217 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61218 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61218 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61219 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61219 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61220 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61220 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61221 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\9A94670B0DAC49CAACCE52D2D281A516
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw9A94670B0DAC49CAACCE52D2D281A516.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61221 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp9932u1.bat
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp9932u1.bat
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp9932u1.bat
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp9932u1.bat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cmd.exe
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
PAYLOAD.exeQuerySecurityFileC:\Windows\System32\cmd.exe
PAYLOAD.exeQueryNameInformationFileC:\Windows\System32\cmd.exe
PAYLOAD.exeProcess CreateC:\Windows\system32\cmd.exe
PAYLOAD.exeQuerySecurityFileC:\Windows\System32\cmd.exe
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\cmd.exe
PAYLOAD.exeRegOpenKeyHKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide
PAYLOAD.exeCloseFileC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61222 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61222 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61223 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61223 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61224 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61224 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61225 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61225 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61226 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61226 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61227 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61227 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61228 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61228 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61229 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61229 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61230 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61230 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61231 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61231 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61232 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61232 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61233 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61233 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61234 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61234 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61235 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61235 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61236 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61236 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61237 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61237 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61238 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61238 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61239 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61239 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61240 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61240 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61241 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61241 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61242 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61242 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61243 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeQueryInformationVolumeC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeQueryAllInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeQueryStandardInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\C318E43E8DD142E697C830375BB20C39
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61243 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61244 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61244 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\d862eaf2-177c-4b55-bc43-0ea2cd874bf1.txt
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61245 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61246 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61245 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61247 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61248 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61249 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61248 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61250 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61251 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61250 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cmd.exe
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
PAYLOAD.exeQuerySecurityFileC:\Windows\System32\cmd.exe
PAYLOAD.exeQueryNameInformationFileC:\Windows\System32\cmd.exe
PAYLOAD.exeProcess CreateC:\Windows\system32\cmd.exe
PAYLOAD.exeQuerySecurityFileC:\Windows\System32\cmd.exe
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\cmd.exe
PAYLOAD.exeRegOpenKeyHKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide
PAYLOAD.exeCloseFileC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61252 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61253 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61254 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61255 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61256 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61246 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61256 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61257 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61247 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61257 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61258 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61249 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61251 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61258 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61259 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61252 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61259 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61260 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61253 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61260 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61261 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61261 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61262 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61254 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61262 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61263 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61255 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61263 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61264 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61264 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61265 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61265 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61266 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61266 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\6DF5D150482148278E16543D6254A4D0
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw6DF5D150482148278E16543D6254A4D0.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61267 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61267 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61268 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61268 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61269 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61269 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61270 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61270 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61271 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61271 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61272 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61272 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61273 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61273 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61274 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61274 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61275 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61275 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61276 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61276 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61277 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61277 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61278 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61278 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61279 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61279 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61280 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61280 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61281 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61281 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61282 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61282 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61283 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61283 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61284 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61284 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61285 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61285 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61286 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61286 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61287 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61287 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61288 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61288 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61289 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61289 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61290 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61290 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61291 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61291 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeQueryInformationVolumeC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeQueryAllInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeQueryStandardInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8d94f989-5de6-430c-bb7b-962fea59559f.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8FDCA71DFA0247E5B315071529016FD8
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61292 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61292 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\8d94f989-5de6-430c-bb7b-962fea59559f.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61293 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61294 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61295 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61296 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61297 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61298 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61299 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61300 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61301 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61302 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61303 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61293 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61304 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61302 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61305 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61294 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61306 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61305 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61307 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61295 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61308 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61309 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61296 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61307 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61310 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61297 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61311 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61310 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61312 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61313 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61298 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61314 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61299 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61313 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61315 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61316 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61300 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61315 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61301 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61317 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61318 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61303 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61319 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61304 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61306 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61320 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61308 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61321 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61309 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61322 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61311 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61323 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61312 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61324 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61314 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61325 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61316 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61326 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61317 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61326 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61327 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61318 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61327 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61328 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61319 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61320 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61328 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61329 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61321 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61329 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61330 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61322 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61330 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61331 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61323 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61331 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61332 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61324 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61332 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\0FE708D569C24277BECB541F76D710CC
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw0FE708D569C24277BECB541F76D710CC.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61325 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61333 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61333 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61334 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61334 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61335 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61335 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61336 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61336 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61337 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61337 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61338 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61338 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61339 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61339 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61340 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61340 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61341 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61341 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61342 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61342 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61343 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61343 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61344 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61344 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61345 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61345 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61346 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61346 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeSetRenameInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeSetRenameInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61347 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61347 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61348 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61348 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61349 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61349 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61350 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61350 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61351 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61351 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61352 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61352 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61353 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61353 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61354 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61354 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61355 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61355 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61356 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61356 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61357 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61357 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61358 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61358 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61359 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61359 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61360 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61360 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61361 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61361 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61362 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61362 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61363 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61363 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61364 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61364 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61365 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61365 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61366 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61366 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61367 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61367 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61368 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61368 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61369 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61369 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61370 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61370 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61371 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61371 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61372 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61372 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61373 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61373 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61374 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61374 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61375 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61375 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61376 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61376 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61377 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61377 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61378 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61378 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61379 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61379 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61380 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61380 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61381 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61381 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61382 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61382 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61383 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61383 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61384 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61384 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61385 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61385 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61386 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61386 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61387 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61387 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61388 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61388 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61389 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61389 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61390 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61390 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61391 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61391 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61392 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61392 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61393 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61393 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp765643.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeQueryInformationVolumeC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeQueryAllInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeQueryStandardInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\4d2a8b67-7b81-4e68-815c-323e097d6e7c.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B13836091025448C801B033D83332CEE
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61394 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61394 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61395 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61396 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61397 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61398 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61399 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61400 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61401 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61402 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61403 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61404 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61395 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61405 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61406 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61396 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61407 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61408 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61398 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61409 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61399 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61410 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61400 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61411 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61401 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61412 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61402 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61413 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61403 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61414 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61404 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61415 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61405 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61416 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61406 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61397 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61417 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61407 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61418 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61408 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61419 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61409 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61420 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61410 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61421 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61411 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61422 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61412 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61423 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61413 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61424 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61414 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61425 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61415 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61426 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61427 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61416 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61426 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61428 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61429 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61417 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61430 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61428 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61431 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61418 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61432 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61431 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61433 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61419 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61434 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61420 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61433 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61435 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61421 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61436 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61437 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61422 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61436 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61438 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61439 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61423 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61440 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61438 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61424 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61441 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61425 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61442 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61427 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61443 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61429 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61444 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61430 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61445 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61432 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61434 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61446 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61435 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61447 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61437 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61448 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61439 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61449 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61440 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61450 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61441 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61451 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61442 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61452 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61443 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61453 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61444 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61454 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61445 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61455 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61446 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61456 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61457 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61447 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61458 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61448 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61459 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61449 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61460 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61450 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61461 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61451 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61462 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61452 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61463 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61453 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61464 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61454 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61465 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61455 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61466 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61456 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61467 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61457 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61468 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61458 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61469 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61459 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61470 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61460 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61471 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61461 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61472 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61462 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61473 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61463 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61474 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61464 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61475 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61465 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61476 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61466 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61477 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61467 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61478 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61468 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61479 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61469 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61480 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61470 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61481 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61471 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61482 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61472 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61483 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61473 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61484 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61474 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61485 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61475 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61486 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61476 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61487 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61477 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61488 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61478 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61489 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61479 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61490 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61480 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61491 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61481 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61492 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61482 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61493 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61483 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61494 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61495 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61484 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61496 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61495 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61497 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61485 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61498 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61486 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61497 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61499 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61500 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61487 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61499 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61501 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61502 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61488 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61503 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61501 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61489 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61504 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61505 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61490 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61506 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61491 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61505 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61507 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61508 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61492 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61507 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61509 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61493 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61510 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61494 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61511 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61496 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61512 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61498 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61513 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61500 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61514 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61502 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61515 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61503 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61516 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61504 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61517 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61506 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61518 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61508 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61519 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61509 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61520 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61510 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61521 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61511 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61522 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61512 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61523 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61513 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61524 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61514 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61525 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61515 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61526 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61516 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61527 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61517 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61528 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61518 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61529 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61519 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61530 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61520 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61531 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61521 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61532 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61522 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61533 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61523 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61534 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61524 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61535 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61525 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61536 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61526 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61537 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61527 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61538 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61528 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61539 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61529 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61540 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61530 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61541 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61531 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61542 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61532 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61543 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61533 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61544 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61534 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61545 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61535 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61545 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61546 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61536 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61537 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61546 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61547 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61538 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61547 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61548 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61539 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61548 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61549 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61540 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61541 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61549 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61550 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61542 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61550 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61551 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61543 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61544 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61551 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61552 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61553 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61554 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61554 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61555 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61555 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61556 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61556 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61557 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61557 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61558 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61558 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61559 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61559 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61560 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61552 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61560 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61561 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61553 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61561 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61562 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61562 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61563 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B4DB6AAB600342C6855EDF0FDFB17591
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dwB4DB6AAB600342C6855EDF0FDFB17591.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61563 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61564 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61564 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61565 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61565 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61566 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61566 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61567 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61567 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61568 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61568 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61569 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61569 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61570 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61570 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61571 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61571 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61572 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61572 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61573 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61573 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61574 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61574 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61575 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61575 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61576 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61576 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61577 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61577 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61578 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61578 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61579 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61579 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61580 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61580 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cmd.exe
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
PAYLOAD.exeQuerySecurityFileC:\Windows\System32\cmd.exe
PAYLOAD.exeQueryNameInformationFileC:\Windows\System32\cmd.exe
PAYLOAD.exeProcess CreateC:\Windows\system32\cmd.exe
PAYLOAD.exeQuerySecurityFileC:\Windows\System32\cmd.exe
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\cmd.exe
PAYLOAD.exeRegOpenKeyHKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide
PAYLOAD.exeCloseFileC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61581 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61581 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61582 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61582 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61583 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61583 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61584 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61584 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61585 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61585 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61586 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61586 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeSetRenameInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeSetRenameInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\BBTmp9887121019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61587 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61587 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61588 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61588 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61589 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61589 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61590 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\499fd00c-534f-4625-b50e-7790ed77f869.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\499fd00c-534f-4625-b50e-7790ed77f869.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\499fd00c-534f-4625-b50e-7790ed77f869.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\499fd00c-534f-4625-b50e-7790ed77f869.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\499fd00c-534f-4625-b50e-7790ed77f869.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\499fd00c-534f-4625-b50e-7790ed77f869.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\499fd00c-534f-4625-b50e-7790ed77f869.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\499fd00c-534f-4625-b50e-7790ed77f869.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeQueryInformationVolumeC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeQueryAllInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeQueryStandardInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499fd00c-534f-4625-b50e-7790ed77f869.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\B3CD3A809A5343F38F9830722195CF66
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61590 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61591 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61591 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\499fd00c-534f-4625-b50e-7790ed77f869.txt
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\499fd00c-534f-4625-b50e-7790ed77f869.txt
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\499fd00c-534f-4625-b50e-7790ed77f869.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\499fd00c-534f-4625-b50e-7790ed77f869.txt
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61592 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61593 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61592 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61594 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61595 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61594 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61596 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61597 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61598 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61596 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61599 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61600 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61599 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61601 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61602 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61603 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61602 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61604 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61604 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61605 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61605 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61606 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61593 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61606 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61607 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61595 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61597 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61607 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61608 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61598 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61608 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61609 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61600 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61609 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61610 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61601 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61603 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61610 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61611 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61611 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61612 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61612 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61613 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61613 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61614 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61614 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61615 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61615 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61616 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61616 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61617 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61617 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61618 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61618 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61619 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61619 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61620 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61620 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61621 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61621 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61622 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61622 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61623 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61623 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61624 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61624 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cmd.exe
PAYLOAD.exeCreateFileMappingC:\Windows\System32\cmd.exe
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
PAYLOAD.exeQuerySecurityFileC:\Windows\System32\cmd.exe
PAYLOAD.exeQueryNameInformationFileC:\Windows\System32\cmd.exe
PAYLOAD.exeProcess CreateC:\Windows\system32\cmd.exe
PAYLOAD.exeQuerySecurityFileC:\Windows\System32\cmd.exe
PAYLOAD.exeQueryBasicInformationFileC:\Windows\System32\cmd.exe
PAYLOAD.exeRegOpenKeyHKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
PAYLOAD.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe
PAYLOAD.exeRegOpenKeyHKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide
PAYLOAD.exeRegQueryValueHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
PAYLOAD.exeRegCloseKeyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide
PAYLOAD.exeCloseFileC:\Windows\System32\cmd.exe
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61625 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61625 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61626 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61626 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61627 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61627 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61628 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61628 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61629 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61629 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61630 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61630 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61631 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61631 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\499A33E0443541BDB3382D625796DD60
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw499A33E0443541BDB3382D625796DD60.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.txt
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeQueryInformationVolumeC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeQueryAllInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeQueryStandardInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.zip
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8997E08648B94F6999293C63C3E66BDF
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61632 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61632 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.txt
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.txt
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\aa9abf4f-9eb7-4b46-8e4a-ca339e45c053.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61633 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61634 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61635 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61636 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61637 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61638 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61639 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeWriteFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61640 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61640 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61641 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61641 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61642 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61633 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61642 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61643 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61634 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61635 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61643 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61644 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61636 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61644 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61645 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61637 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61638 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61645 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61646 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61639 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61646 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61647 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61647 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61648 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61648 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61649 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61649 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61650 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61650 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61651 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61651 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61652 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61652 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61653 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61653 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61654 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61654 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61655 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61655 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61656 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61656 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61657 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61657 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61658 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61658 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61659 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61659 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61660 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61660 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61661 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP ReceiveWIN-TAKV3SQU51G.localdomain:61661 -> google-public-dns-a.google.com:domain
PAYLOAD.exeUDP SendWIN-TAKV3SQU51G.localdomain:61662 -> google-public-dns-a.google.com:domain
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeReadFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\Tmp988711019
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\*.txt
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles
PAYLOAD.exeCreateFileC:\ProgramData\stat.dat
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\8CD2E08D24C74CD29F87DE734BCD4F14
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeQueryAttributeTagFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeSetDispositionInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\TmpFiles\dw8CD2E08D24C74CD29F87DE734BCD4F14.txt
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryBasicInformationFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeCreateFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles
PAYLOAD.exeQueryDirectoryC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles\*.txt
PAYLOAD.exeCloseFileC:\Users\xxx\AppData\Local\Microsoft\Windows\CRMFiles