registryActivity
  1. SetValue [23]
  2. key \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  3. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  4. valueType REG_DWORD
  5. value DisableAntiSpyware
  6. valueDataSize 4
  7. data
  8. 00000001
  9. key \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
  10. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  11. valueType REG_DWORD
  12. value DisableBehaviorMonitoring
  13. valueDataSize 4
  14. data
  15. 00000001
  16. key \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
  17. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  18. valueType REG_DWORD
  19. value DisableOnAccessProtection
  20. valueDataSize 4
  21. data
  22. 00000001
  23. key \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
  24. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  25. valueType REG_DWORD
  26. value DisableScanOnRealtimeEnable
  27. valueDataSize 4
  28. data
  29. 00000001
  30. key \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  31. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  32. valueType REG_DWORD
  33. value EnableLUA
  34. valueDataSize 4
  35. data
  36. 00000000
  37. key \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\Wscript_RASAPI32
  38. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  39. valueType REG_DWORD
  40. value EnableFileTracing
  41. valueDataSize 4
  42. data
  43. 00000000
  44. key \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\Wscript_RASAPI32
  45. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  46. valueType REG_DWORD
  47. value EnableConsoleTracing
  48. valueDataSize 4
  49. data
  50. 00000000
  51. key \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\Wscript_RASAPI32
  52. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  53. valueType REG_DWORD
  54. value FileTracingMask
  55. valueDataSize 4
  56. data
  57. ffff0000
  58. key \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\Wscript_RASAPI32
  59. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  60. valueType REG_DWORD
  61. value ConsoleTracingMask
  62. valueDataSize 4
  63. data
  64. ffff0000
  65. key \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\Wscript_RASAPI32
  66. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  67. valueType REG_DWORD
  68. value MaxFileSize
  69. valueDataSize 4
  70. data
  71. 00100000
  72. key \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\Wscript_RASAPI32
  73. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  74. valueType REG_EXPAND_SZ
  75. value FileDirectory
  76. valueDataSize 34
  77. data
  78. %windir%\tracing
  79. key \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\Wscript_RASMANCS
  80. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  81. valueType REG_DWORD
  82. value EnableFileTracing
  83. valueDataSize 4
  84. data
  85. 00000000
  86. key \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\Wscript_RASMANCS
  87. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  88. valueType REG_DWORD
  89. value EnableConsoleTracing
  90. valueDataSize 4
  91. data
  92. 00000000
  93. key \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\Wscript_RASMANCS
  94. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  95. valueType REG_DWORD
  96. value FileTracingMask
  97. valueDataSize 4
  98. data
  99. ffff0000
  100. key \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\Wscript_RASMANCS
  101. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  102. valueType REG_DWORD
  103. value ConsoleTracingMask
  104. valueDataSize 4
  105. data
  106. ffff0000
  107. key \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\Wscript_RASMANCS
  108. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  109. valueType REG_DWORD
  110. value MaxFileSize
  111. valueDataSize 4
  112. data
  113. 00100000
  114. key \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\Wscript_RASMANCS
  115. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  116. valueType REG_EXPAND_SZ
  117. value FileDirectory
  118. valueDataSize 34
  119. data
  120. %windir%\tracing
  121. key \REGISTRY\USER\S-1-5-21-3558273304-2305715256-1486658336-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  122. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  123. valueType REG_DWORD
  124. value ProxyEnable
  125. valueDataSize 4
  126. data
  127. 00000000
  128. key \REGISTRY\USER\S-1-5-21-3558273304-2305715256-1486658336-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  129. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  130. valueType REG_BINARY
  131. value SavedLegacySettings
  132. valueDataSize 312
  133. data
  134. 46000000ba000000090000000000000000000000000000000400000000000000c0a965f9998cd201000000000000000000000000020000001700000000000000fe80000000000000382e2adbe237c9510b000000000000001700000000000000fe80000000000000382e2adbe237c9510b000000000000001c00000000000000000000000000000000000000000000000000000000000000170000000000000000000000000000000000ffffc0a80167000000000000000002000000c0a801670000000000000000000000000000000000000000000000000c00000c3b23000070264600b0464500000000000400000000000000010000000300000000000000000000006c5b3b00feffffff0c00000002000000010000000000000080000000000000000000000000000000000000000000000000000000
  135. key \REGISTRY\USER\S-1-5-21-3558273304-2305715256-1486658336-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  136. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  137. valueType REG_DWORD
  138. value UNCAsIntranet
  139. valueDataSize 4
  140. data
  141. 00000000
  142. key \REGISTRY\USER\S-1-5-21-3558273304-2305715256-1486658336-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  143. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  144. valueType REG_DWORD
  145. value AutoDetect
  146. valueDataSize 4
  147. data
  148. 00000001
  149. key \REGISTRY\USER\S-1-5-21-3558273304-2305715256-1486658336-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  150. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  151. valueType REG_DWORD
  152. value UNCAsIntranet
  153. valueDataSize 4
  154. data
  155. 00000000
  156. key \REGISTRY\USER\S-1-5-21-3558273304-2305715256-1486658336-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  157. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  158. valueType REG_DWORD
  159. value AutoDetect
  160. valueDataSize 4
  161. data
  162. 00000001
  163.  
  164. CreateKey [5]
  165. key \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  166. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  167. key \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
  168. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  169. key \REGISTRY\MACHINE\Software\Microsoft\Tracing\Wscript_RASAPI32
  170. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  171. key \REGISTRY\MACHINE\Software\Microsoft\Tracing\Wscript_RASMANCS
  172. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  173. key \REGISTRY\\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
  174. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  175.  
  176. OpenKey [13]
  177. key \REGISTRY\USER\S-1-5-21-3558273304-2305715256-1486658336-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  178. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  179. key \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3558273304-2305715256-1486658336-1000
  180. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  181. key \REGISTRY\USER\S-1-5-21-3558273304-2305715256-1486658336-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  182. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  183. key \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
  184. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  185. key \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
  186. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  187. key \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
  188. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  189. key \REGISTRY\USER\S-1-5-21-3558273304-2305715256-1486658336-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  190. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  191. key \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3558273304-2305715256-1486658336-1000
  192. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  193. key \REGISTRY\USER\S-1-5-21-3558273304-2305715256-1486658336-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  194. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  195. key \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3558273304-2305715256-1486658336-1000
  196. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  197. key \REGISTRY\USER\S-1-5-21-3558273304-2305715256-1486658336-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  198. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  199. key \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3558273304-2305715256-1486658336-1000
  200. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)
  201. key \REGISTRY\USER\S-1-5-21-3558273304-2305715256-1486658336-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  202. process C:\Windows\System32\wscript.exe (v. 5.8.7600.16385)