| ProcessID | ProcessName | Type | HANDLE |
|---|
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Directory | \KnownDlls |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Users\xxx\Desktop |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_88dce9872fb18caf |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Desktop | \Default |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\.NETFramework |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Directory | \Sessions\1\BaseNamedObjects |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \BaseNamedObjects\Cor_Private_IPCBlock_1720 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \BaseNamedObjects\Cor_Public_IPCBlock_1720 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Event | \BaseNamedObjects\CorDBIPCSetupSyncEvent_1720 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \Sessions\1\BaseNamedObjects\windows_shell_global_counters |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Event | \KernelObjects\LowMemoryCondition |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_64\indexbb.dat |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\KsecDD |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_88dce9872fb18caf |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Windows\assembly\pubpol4.dat |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Mutant | \Sessions\1\BaseNamedObjects\MyUniqueMutexName |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | ALPC Port | \RPC Control\OLECF97FA19065E4F2EAD0DB6D75C2C |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \Sessions\1\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000_CLASSES |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Event | \KernelObjects\MaximumCommitCondition |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \...\ASqmManifestVersion |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000_CLASSES |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_88dce9872fb18caf |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\Afd |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2112AB0A-C86A-4FFE-A368-0DE96E47012E}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Windows\System32\wshom.ocx |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{491E922F-5643-4AF4-A7EB-4E7A138D8174}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{33E28130-4E1E-4676-835A-98395C3BC3BB}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2400183A-6185-49FB-A2D8-4A392A602BA3}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A302545D-DEFF-464B-ABE8-61C8648D939B}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{4BD8D571-6D19-48D3-BE97-422220080E43}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A990AE9F-A03B-4E80-94BC-9912D7504104}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000\Software\Microsoft\Windows NT\CurrentVersion |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\KsecDD |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\Afd |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\Afd |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\Afd |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \Sessions\1\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Mutant | \Sessions\1\BaseNamedObjects\RasPbFile |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\ff_RASAPI32 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\Afd |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Section | \BaseNamedObjects\netfxcustomperfcounters.1.0.net clr networking |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\Afd |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\ff_RASMANCS |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\Nsi |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\Afd |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\Afd |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\Afd |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\Afd |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\crypt32 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000\Software\Microsoft\SystemCertificates\My |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000\Software\Microsoft\SystemCertificates\CA |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000\Software\Microsoft\SystemCertificates\Disallowed |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000\Software\Microsoft\SystemCertificates\Root |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000\Software\Microsoft\SystemCertificates\TrustedPeople |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000\Software\Microsoft\SystemCertificates\SmartCardRoot |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000\Software\Microsoft\SystemCertificates\trust |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000 |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000\Software\Policies\Microsoft\SystemCertificates |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\HarddiskVolume1\Users\xxx\AppData\Roaming\Microsoft\SystemCertificates\My |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\NamedPipe\ |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | File | \Device\Afd |
| 1720 | \Device\HarddiskVolume1\Users\xxx\Desktop\kara_sample.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Directory | \KnownDlls |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Desktop | \Default |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Directory | \BaseNamedObjects |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | File | \Device\KsecDD |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Section | \BaseNamedObjects\UsGthrCtrlFltPipeMssGthrPipe10 |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Event | \BaseNamedObjects\UsGthrCtrlFltPipeMssGthrPipe10SDE |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Event | \BaseNamedObjects\UsGthrCtrlFltPipeMssGthrPipe10DRE |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Section | \...\ASqmManifestVersion |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Event | \BaseNamedObjects\UsGthrCtrlFltPipeMssGthrPipe10DAE |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Event | \BaseNamedObjects\UsGthrCtrlFltPipeMssGthrPipe10DSE |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Semaphore | \BaseNamedObjects\UsGthrCtrlFltPipeMssGthrPipe10TRM |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Semaphore | \BaseNamedObjects\UsGthrCtrlFltPipeMssGthrPipe10RCM |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Section | \BaseNamedObjects\UsGthrFltPipeMssGthrPipe10_1 |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Event | \BaseNamedObjects\UsGthrFltPipeMssGthrPipe10_1DRE |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Event | \BaseNamedObjects\UsGthrFltPipeMssGthrPipe10_1DAE |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Event | \BaseNamedObjects\UsGthrFltPipeMssGthrPipe10_1DSE |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Semaphore | \BaseNamedObjects\UsGthrFltPipeMssGthrPipe10_1TRM |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Semaphore | \BaseNamedObjects\UsGthrFltPipeMssGthrPipe10_1RCM |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | ALPC Port | \RPC Control\OLE15B4CD57B0DB4081B23957E3A14E |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\USER\.DEFAULT |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Key | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 1728 | \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Directory | \KnownDlls |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Key | \REGISTRY\MACHINE |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Desktop | \mssrestricteddesk |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | WindowStation | \Windows\WindowStations\msswindowstation |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Directory | \BaseNamedObjects |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | File | \Device\KsecDD |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Section | \...\ASqmManifestVersion |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | ALPC Port | \RPC Control\OLE54AA1B5447DC4913AD497CEE09F3 |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Extensions |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | File | \Device\HarddiskVolume1\Windows\System32\mlang.dat |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Desktop | \mssrestricteddesk |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | WindowStation | \Windows\WindowStations\msswindowstation |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db |
| 2504 | \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Directory | \KnownDlls |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Directory | \KnownDlls32 |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\HarddiskVolume1\Windows |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Directory | \KnownDlls32 |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Key | \REGISTRY\MACHINE |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\KsecDD |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Desktop | \Default |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\NamedPipe\wkssvc |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\NamedPipe\srvsvc |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Directory | \Sessions\1\BaseNamedObjects |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Section | \Sessions\1\BaseNamedObjects\windows_shell_global_counters |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000 |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000_CLASSES |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\Afd |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Event | \KernelObjects\MaximumCommitCondition |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Section | \...\ASqmManifestVersion |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\Afd |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\Afd |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\Afd |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\HarddiskVolume1\Users\xxx\AppData\Roaming\tor\lock |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64\en-US\KernelBase.dll.mui |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\Afd |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\Afd |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\Afd |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Section | \Sessions\1\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | Section | \Sessions\1\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\Afd |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\Afd |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\Afd |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\Afd |
| 984 | \Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Tor\Microsoft.vshub.32.exe | File | \Device\Afd |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Directory | \KnownDlls |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | ALPC Port | \RPC Control\console-0x0000000000000980-lpc-handle |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Desktop | \Default |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\conhost.exe.mui |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Directory | \Sessions\1\BaseNamedObjects |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Event | \BaseNamedObjects\ConsoleEvent-0x0000000000000980 |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 2432 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Directory | \KnownDlls |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Desktop | \Default |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Directory | \Sessions\1\BaseNamedObjects |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\KsecDD |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\USER\S-1-5-21-1400670246-2581911933-2921422024-1000_CLASSES |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | ALPC Port | \RPC Control\OLE0F40A7871FD54F4CB670F12D849B |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Section | \...\ASqmManifestVersion |
| 2720 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_a44af8ec57f961cf |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Directory | \KnownDlls |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Desktop | \Default |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Directory | \Sessions\1\BaseNamedObjects |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\KsecDD |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | ALPC Port | \RPC Control\OLE620472D32E3C4903ADDC86CBEF62 |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Section | \...\ASqmManifestVersion |
| 2444 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_a44af8ec57f961cf |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Directory | \KnownDlls |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Desktop | \Default |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Directory | \BaseNamedObjects |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\KsecDD |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | ALPC Port | \RPC Control\OLE02168566251B46DC87842ECA1C65 |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Section | \...\ASqmManifestVersion |
| 928 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_a44af8ec57f961cf |