ptb.json
{"summary":{"keys":["HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT","HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US","HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\00060101.00060101","HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Locale","HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Locale\\Alternate Sorts","HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Language Groups","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1","DisableUserModeCallbackFilter","HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Windows Error Reporting\\WMR","HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Windows Error Reporting\\WMR\\Disable","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION 
MANAGER\\SafeProcessSearchMode","HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Codepage","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\932","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\949","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\950","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\936","HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\VBA\\Monitors","HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\0b92f001087f1a9399f62981.exe","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad6-29d6-11ec-88e3-806e6f6e6963}\\","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad6-29d6-11ec-88e3-806e6f6e6963}\\Data","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad6-29d6-11ec-88e3-806e6f6e6963}\\Generation","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad2-29d6-11ec-88e3-806e6f6e6963}\\","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad2-29d6-11ec-88e3-806e6f6e6963}\\Data","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad2-29d6-11ec-88e3-806e6f6e6963}\\Generation","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad3-29d6-11ec-88e3-806e6f6e6963}\\","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad3-29d6-11ec-88e3-806e6f6e6963}\\Data","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad3-29d6-11e
c-88e3-806e6f6e6963}\\Generation","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\deoufo","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden","HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Locale\\Alternate Sorts","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1","HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale","HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale","HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize","HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Language Groups","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409","HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Windows Error Reporting\\WMR","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\00060101.00060101","HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Windows Error 
Reporting\\WMR\\Disable","DisableUserModeCallbackFilter","HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Locale"],"resolved_apis":["kernel32.dll.IsProcessorFeaturePresent","kernel32.dll.SortGetHandle","kernel32.dll.SortCloseHandle","cryptbase.dll.SystemFunction036","uxtheme.dll.ThemeInitApiHook","user32.dll.IsProcessDPIAware","oleaut32.dll.OleLoadPictureEx","oleaut32.dll.DispCallFunc","oleaut32.dll.LoadTypeLibEx","oleaut32.dll.UnRegisterTypeLib","oleaut32.dll.CreateTypeLib2","oleaut32.dll.VarDateFromUdate","oleaut32.dll.VarUdateFromDate","oleaut32.dll.GetAltMonthNames","oleaut32.dll.VarNumFromParseNum","oleaut32.dll.VarParseNumFromStr","oleaut32.dll.VarDecFromR4","oleaut32.dll.VarDecFromR8","oleaut32.dll.VarDecFromDate","oleaut32.dll.VarDecFromI4","oleaut32.dll.VarDecFromCy","oleaut32.dll.VarR4FromDec","oleaut32.dll.GetRecordInfoFromTypeInfo","oleaut32.dll.GetRecordInfoFromGuids","oleaut32.dll.SafeArrayGetRecordInfo","oleaut32.dll.SafeArraySetRecordInfo","oleaut32.dll.SafeArrayGetIID","oleaut32.dll.SafeArraySetIID","oleaut32.dll.SafeArrayCopyData","oleaut32.dll.SafeArrayAllocDescriptorEx","oleaut32.dll.SafeArrayCreateEx","oleaut32.dll.VarFormat","oleaut32.dll.VarFormatDateTime","oleaut32.dll.VarFormatNumber","oleaut32.dll.VarFormatPercent","oleaut32.dll.VarFormatCurrency","oleaut32.dll.VarWeekdayName","oleaut32.dll.VarMonthName","oleaut32.dll.VarAdd","oleaut32.dll.VarAnd","oleaut32.dll.VarCat","oleaut32.dll.VarDiv","oleaut32.dll.VarEqv","oleaut32.dll.VarIdiv","oleaut32.dll.VarImp","oleaut32.dll.VarMod","oleaut32.dll.VarMul","oleaut32.dll.VarOr","oleaut32.dll.VarPow","oleaut32.dll.VarSub","oleaut32.dll.VarXor","oleaut32.dll.VarAbs","oleaut32.dll.VarFix","oleaut32.dll.VarInt","oleaut32.dll.VarNeg","oleaut32.dll.VarNot","oleaut32.dll.VarRound","oleaut32.dll.VarCmp","oleaut32.dll.VarDecAdd","oleaut32.dll.VarDecCmp","oleaut32.dll.VarBstrCat","oleaut32.dll.VarCyMulI4","oleaut32.dll.VarBstrCmp","ole32.dll.CoCreateInstanceEx","ole32.dll.CLSIDFromProgIDEx","sxs
.dll.SxsOleAut32MapIIDOrCLSIDToTypeLibrary","user32.dll.GetSystemMetrics","user32.dll.MonitorFromWindow","user32.dll.MonitorFromRect","user32.dll.MonitorFromPoint","user32.dll.EnumDisplayMonitors","user32.dll.GetMonitorInfoA","kernel32.dll.GetModuleFileNameW","user32.dll.CallWindowProcW","kernel32.dll.Sleep","shell32.dll.SHGetSpecialFolderPathW","advapi32.dll.GetUserNameW","kernel32.dll.OpenMutexW","kernel32.dll.CreateMutexW","kernel32.dll.ReleaseMutex","kernel32.dll.CloseHandle","kernel32.dll.SetFileAttributesW","shell32.dll.ShellExecuteW","setupapi.dll.CM_Get_Device_Interface_List_Size_ExW","setupapi.dll.CM_Get_Device_Interface_List_ExW","kernel32.dll.CreateToolhelp32Snapshot","kernel32.dll.Process32First","kernel32.dll.Process32Next","kernel32.dll.GetCurrentProcessId","kernel32.dll.OpenProcess","kernel32.dll.GetModuleHandleW","kernel32.dll.GetProcAddress","kernel32.dll.TerminateProcess","kernel32.dll.TerminateThread","kernel32.dll.WriteProcessMemory","advapi32.dll.RegCreateKeyExW","advapi32.dll.RegSetValueExW","advapi32.dll.RegCloseKey","user32.dll.RegisterClassW","user32.dll.CreateWindowExW","user32.dll.DefWindowProcW","dwmapi.dll.DwmIsCompositionEnabled","user32.dll.ShowWindow","user32.dll.SetWindowLongW","ws2_32.dll.WSAStartup","ws2_32.dll.htons","ws2_32.dll.gethostbyname","ws2_32.dll.socket","ws2_32.dll.connect","ws2_32.dll.WSAAsyncSelect","user32.dll.GetMessageW","kernel32.dll.GetLogicalDriveStringsW","kernel32.dll.GetDriveTypeW","user32.dll.SetTimer","kernel32.dll.GetLogicalDrives","kernel32.dll.SortCloseHandle","kernel32.dll.CloseHandle","kernel32.dll.WriteFile","advapi32.dll.RegCloseKey","kernel32.dll.Sleep","kernel32.dll.VirtualAlloc","kernel32.dll.SortGetHandle","kernel32.dll.ExitProcess","kernel32.dll.ReadFile","kernel32.dll.GetModuleHandleA"],"executed_commands":["\"C:\\Users\\John\\deoufo.exe\"","C:\\Users\\John\\deoufo.exe ","reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced /f /v Hidden /t REG_DWORD /d 2","cscript 
C:\\Users\\John\\AppData\\Local\\Temp/file.vbs","C:\\Windows\\system32\\cmd.exe /c C:\\Users\\John\\AppData\\Local\\Temp\\choco.exe","\"C:\\Users\\John\\AppData\\Local\\Temp\\setup.exe\"","\"C:\\ProgramData\\HWcAckgg\\QgQAYoYM.exe\"","reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced /f /v HideFileExt /t REG_DWORD /d 1","\"C:\\Users\\John\\RKMcgggk\\PoEQoAEI.exe\"","C:\\Users\\John\\AppData\\Local\\Temp\\choco.exe","C:\\Users\\John\\AppData\\Local\\Temp\\setup.exe","C:\\Windows\\system32\\cmd.exe /c C:\\Users\\John\\AppData\\Local\\Temp\\setup.exe","reg add HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v EnableLUA /d 0 /t REG_DWORD /f"],"write_keys":["HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\deoufo","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\PoEQoAEI.exe","ThreadingModel","HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\Winlogon\\Userinit","HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\Web Event Logger","HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit","(Default)","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt","HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\QgQAYoYM.exe","HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows 
NT\\CurrentVersion\\Winlogon\\Userinit"],"files":["C:\\Windows\\Globalization\\Sorting\\sortdefault.nls","\\Device\\KsecDD","C:\\Users\\John\\AppData\\Local\\Temp\\0b92f001087f1a9399f62981.exe.cfg","C:\\Windows\\sysnative\\C_932.NLS","C:\\Windows\\sysnative\\C_949.NLS","C:\\Windows\\sysnative\\C_950.NLS","C:\\Windows\\sysnative\\C_936.NLS","C:\\Users\\John\\AppData\\Local\\Temp\\0b92f001087f1a9399f62981.exe","C:\\Users\\John\\deoufo.exe","\\??\\MountPointManager","\\Device\\Afd\\AsyncSelectHlp","C:\\Users\\John\\deoufo.exe.cfg","C:\\Users\\John\\AppData\\Local\\Temp","C:\\Users\\John","C:\\Users","C:\\Windows\\Globalization\\Sorting\\sortdefault.nls","C:\\Windows\\SysWOW64\\en-US\\KERNELBASE.dll.mui","\\Device\\KsecDD","C:\\Users\\John\\AppData","C:\\Users\\John\\AppData\\Local","C:\\","C:\\*"],"read_files":["C:\\Windows\\Globalization\\Sorting\\sortdefault.nls","\\Device\\KsecDD","C:\\Users\\John\\AppData\\Local\\Temp\\0b92f001087f1a9399f62981.exe","\\Device\\Afd\\AsyncSelectHlp","C:\\Users\\John\\deoufo.exe","C:\\Windows\\SysWOW64\\en-US\\KERNELBASE.dll.mui","\\??\\PIPE\\samr","\\Device\\KsecDD","C:\\Boot\\memtest.exe","C:\\ProgramData\\XyogosAE\\EEIEsYos.exe","C:\\ProgramData\\HWcAckgg\\QgQAYoYM.exe","C:\\Users\\John\\RKMcgggk\\PoEQoAEI.exe","C:\\ProgramData\\HWcAckgg\\QgQAYoYM","C:\\Users\\John\\RKMcgggk\\PoEQoAEI","C:\\Windows\\Globalization\\Sorting\\sortdefault.nls","C:\\Windows\\SysWOW64\\en-US\\reg.exe.mui","C:\\ProgramData\\AKwE.txt"],"started_services":[],"created_services":[],"write_files":["C:\\Users\\John\\deoufo.exe","\\Device\\Afd\\AsyncSelectHlp","\\??\\PIPE\\samr","C:\\ProgramData\\Microsoft\\Device 
Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.exe","\\??\\PIPE\\wkssvc","C:\\ProgramData\\XyogosAE\\EEIEsYos.exe","\\Device\\LanmanDatagramReceiver","C:\\ProgramData\\HWcAckgg\\QgQAYoYM.exe","C:\\Users\\John\\RKMcgggk\\PoEQoAEI.exe","C:\\ProgramData\\HWcAckgg\\QgQAYoYM","C:\\Users\\John\\RKMcgggk\\PoEQoAEI","C:\\ProgramData\\AKwE.txt"],"delete_keys":[],"read_keys":["HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\00060101.00060101","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1","DisableUserModeCallbackFilter","HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Windows Error Reporting\\WMR\\Disable","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\SafeProcessSearchMode","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\932","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\949","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\950","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\936","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad6-29d6-11ec-88e3-806e6f6e6963}\\Data","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad6-29d6-11ec-88e3-806e6f6e6963}\\Generation","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad2-29d6-11ec-88e3-806e6f6e6963}\\Data","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad2-29d6-11ec-88e3-806e6f6e6963}\\Generation","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Expl
orer\\MountPoints2\\CPC\\Volume\\{ee82dad3-29d6-11ec-88e3-806e6f6e6963}\\Data","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee82dad3-29d6-11ec-88e3-806e6f6e6963}\\Generation","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409","HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\00060101.00060101","HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Windows Error Reporting\\WMR\\Disable","HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension","DisableUserModeCallbackFilter"],"delete_files":[],"mutexes":["J","\\x101@","\\x181@","\\xe80@","bMoYgwEU1","DCoIEEEw1","PkIwEgss","\\x081@","KeYwoEIk","\\xf00@"," 1@","\\xf80@"]}}