{"summary": {"files": ["vqhPnr", "Araujia", "Microsoft", "_locales", "explorer", "6L2a", "Local", "staticcache", "C:\\Users\\John\\kieawi.exe", "gdi32", "User Data", "IeszFFnL"], "read_files": ["John", "\\Device\\KsecDD", "AppData", "Temp", "Temp"], "write_files": ["61p9pe", "NvriKb9"], "delete_files": [], "keys": ["Temp", "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US", "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US", "reaper", "ws2_32", "privity", "bmp", "Google", "Temporary Internet Files", "DisableUserModeCallbackFilter", "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Windows Error Reporting\\WMR", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Windows Error Reporting\\WMR\\Disable", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\SafeProcessSearchMode", "NXxbg", "JVrQXInld", "gavel", "Wow6432Node", "Fusion", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\VBA\\Monitors", "underbearer", "services", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad6-29d6-11ec-88e3-806e6f6e6963}\\", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad6-29d6-11ec-88e3-806e6f6e6963}\\Data", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad6-29d6-11ec-88e3-806e6f6e6963}\\Generation", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad2-29d6-11ec-88e3-806e6f6e6963}\\", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad2-29d6-11ec-88e3-806e6f6e6963}\\Data", 
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad2-29d6-11ec-88e3-806e6f6e6963}\\Generation", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad3-29d6-11ec-88e3-806e6f6e6963}\\", "System", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad3-29d6-11ec-88e3-806e6f6e6963}\\Generation", "Temp", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\kieawi", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden"], "read_keys": ["HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US", "Microsoft", "Zfx1", "mui", "DisableUserModeCallbackFilter", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Windows Error Reporting\\WMR\\Disable", "straphang", "LookupAccountNameW", "0", "tgPIdvF", "uTeR", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad6-29d6-11ec-88e3-806e6f6e6963}\\Data", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad6-29d6-11ec-88e3-806e6f6e6963}\\Generation", "All Users", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad2-29d6-11ec-88e3-806e6f6e6963}\\Generation", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad3-29d6-11ec-88e3-806e6f6e6963}\\Data", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad3-29d6-11ec-88e3-806e6f6e6963}\\Generation"], "write_keys": ["assets", "nark"], "delete_keys": [], 
"executed_commands": ["Program Files", "winsxs"], "resolved_apis": ["kernel32.dll.IsProcessorFeaturePresent", "kernel32.dll.SortGetHandle", "kernel32.dll.SortCloseHandle", "cryptbase.dll.SystemFunction036", "uxtheme.dll.ThemeInitApiHook", "user32.dll.IsProcessDPIAware", "oleaut32.dll.OleLoadPictureEx", "oleaut32.dll.DispCallFunc", "oleaut32.dll.LoadTypeLibEx", "oleaut32.dll.UnRegisterTypeLib", "oleaut32.dll.CreateTypeLib2", "oleaut32.dll.VarDateFromUdate", "oleaut32.dll.VarUdateFromDate", "oleaut32.dll.GetAltMonthNames", "oleaut32.dll.VarNumFromParseNum", "oleaut32.dll.VarParseNumFromStr", "oleaut32.dll.VarDecFromR4", "oleaut32.dll.VarDecFromR8", "oleaut32.dll.VarDecFromDate", "oleaut32.dll.VarDecFromI4", "oleaut32.dll.VarDecFromCy", "oleaut32.dll.VarR4FromDec", "oleaut32.dll.GetRecordInfoFromTypeInfo", "oleaut32.dll.GetRecordInfoFromGuids", "oleaut32.dll.SafeArrayGetRecordInfo", "oleaut32.dll.SafeArraySetRecordInfo", "oleaut32.dll.SafeArrayGetIID", "oleaut32.dll.SafeArraySetIID", "oleaut32.dll.SafeArrayCopyData", "oleaut32.dll.SafeArrayAllocDescriptorEx", "oleaut32.dll.SafeArrayCreateEx", "oleaut32.dll.VarFormat", "oleaut32.dll.VarFormatDateTime", "oleaut32.dll.VarFormatNumber", "oleaut32.dll.VarFormatPercent", "oleaut32.dll.VarFormatCurrency", "oleaut32.dll.VarWeekdayName", "oleaut32.dll.VarMonthName", "oleaut32.dll.VarAdd", "oleaut32.dll.VarAnd", "oleaut32.dll.VarCat", "oleaut32.dll.VarDiv", "oleaut32.dll.VarEqv", "oleaut32.dll.VarIdiv", "oleaut32.dll.VarImp", "oleaut32.dll.VarMod", "oleaut32.dll.VarMul", "oleaut32.dll.VarOr", "oleaut32.dll.VarPow", "oleaut32.dll.VarSub", "oleaut32.dll.VarXor", "oleaut32.dll.VarAbs", "oleaut32.dll.VarFix", "oleaut32.dll.VarInt", "oleaut32.dll.VarNeg", "oleaut32.dll.VarNot", "oleaut32.dll.VarRound", "oleaut32.dll.VarCmp", "oleaut32.dll.VarDecAdd", "oleaut32.dll.VarDecCmp", "oleaut32.dll.VarBstrCat", "oleaut32.dll.VarCyMulI4", "oleaut32.dll.VarBstrCmp", "ole32.dll.CoCreateInstanceEx", "ole32.dll.CLSIDFromProgIDEx", 
"sxs.dll.SxsOleAut32MapIIDOrCLSIDToTypeLibrary", "user32.dll.GetSystemMetrics", "user32.dll.MonitorFromWindow", "user32.dll.MonitorFromRect", "user32.dll.MonitorFromPoint", "user32.dll.EnumDisplayMonitors", "user32.dll.GetMonitorInfoA", "winmm.dll.timeGetTime", "kernel32.dll.GetModuleFileNameW", "kernel32.dll.GetCompressedFileSizeW", "kernel32.dll.Sleep", "shell32.dll.SHGetSpecialFolderPathW", "advapi32.dll.GetUserNameW", "kernel32.dll.OpenMutexW", "kernel32.dll.CreateMutexW", "kernel32.dll.ReleaseMutex", "kernel32.dll.CloseHandle", "kernel32.dll.SetFileAttributesW", "shell32.dll.ShellExecuteW", "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW", "setupapi.dll.CM_Get_Device_Interface_List_ExW", "user32.dll.RegisterClassW", "user32.dll.CreateWindowExW", "user32.dll.DefWindowProcW", "dwmapi.dll.DwmIsCompositionEnabled", "user32.dll.ShowWindow", "user32.dll.SetWindowLongW", "ws2_32.dll.WSAStartup", "ws2_32.dll.htons", "ws2_32.dll.gethostbyname", "ws2_32.dll.socket", "ws2_32.dll.connect", "ws2_32.dll.WSAAsyncSelect", "user32.dll.GetMessageW", "kernel32.dll.GetLogicalDriveStringsW", "kernel32.dll.GetDriveTypeW", "user32.dll.SetTimer", "kernel32.dll.GetLogicalDrives", "kernel32.dll.CreateToolhelp32Snapshot", "kernel32.dll.Process32First", "kernel32.dll.Process32Next", "kernel32.dll.GetCurrentProcessId", "kernel32.dll.OpenProcess", "kernel32.dll.GetModuleHandleW", "kernel32.dll.GetProcAddress", "kernel32.dll.TerminateProcess", "kernel32.dll.TerminateThread", "kernel32.dll.WriteProcessMemory", "advapi32.dll.RegCreateKeyExW", "advapi32.dll.RegSetValueExW", "advapi32.dll.RegCloseKey"], "mutexes": ["resources"], "created_services": ["Program Files", "tmp", "amd64_prnep00c"], "started_services": []}}