| ProcessID | ProcessName | Type | HANDLE |
|---|
| 3196 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Directory | \KnownDlls |
| 3196 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | File | \Device\HarddiskVolume1\Users\ttt\Desktop |
| 3196 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 3196 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 3196 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | WindowStation | \Sessions\2\Windows\WindowStations\WinSta0 |
| 3196 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Desktop | \Default |
| 3196 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | WindowStation | \Sessions\2\Windows\WindowStations\WinSta0 |
| 3196 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\MACHINE |
| 3196 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\USER\S-1-5-21-3869680945-4122609329-3341077231-1000\Software\Microsoft\Windows NT\CurrentVersion |
| 3196 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 3196 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Directory | \KnownDlls |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | File | \Device\HarddiskVolume1\Users\ttt\Desktop |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | WindowStation | \Sessions\2\Windows\WindowStations\WinSta0 |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Desktop | \Default |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | WindowStation | \Sessions\2\Windows\WindowStations\WinSta0 |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\MACHINE |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\USER\S-1-5-21-3869680945-4122609329-3341077231-1000 |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Directory | \Sessions\2\BaseNamedObjects |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | File | \Device\KsecDD |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\USER\S-1-5-21-3869680945-4122609329-3341077231-1000\Software\Microsoft\Windows NT\CurrentVersion |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | File | \Device\Nsi |
| 2704 | \Device\HarddiskVolume1\Users\ttt\Desktop\PAYLOAD.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |