Files Changed

The document details registry changes made by a system monitoring tool called Regshot between two snapshots. It lists two values that were deleted, 34 values that were modified, and provides the before and after values for many of the modified registry keys.

Uploaded by

Tony Sciascia

Regshot 1.9.1 x64 Unicode (beta r321)


Comments:
Datetime: 2023-10-29 13:10:21, 2023-10-29 13:12:36
Computer: WINDOWS10, WINDOWS10
Username: tony, tony

----------------------------------
Values deleted: 2
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS\PerfMMFileName: "Global\MMF_BITS582aa903-0d14-4dfe-8188-7e2c48c54d65"
HKLM\SOFTWARE\Microsoft\Windows Defender\ServiceStartStates: 0x00000001

----------------------------------
Values modified: 34
----------------------------------
HKLM\SOFTWARE\Microsoft\Multimedia\Audio\Journal\Render: 53 00 57 00 44 00 5C 00 4D
00 4D 00 44 00 45 00 56 00 41 00 50 00 49 00 5C 00 7B 00 30 00 2E 00 30 00 2E 00 30
00 2E 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 7D 00 2E 00 7B 00 33 00 30
00 66 00 31 00 34 00 63 00 34 00 65 00 2D 00 31 00 36 00 63 00 39 00 2D 00 34 00 38
00 66 00 62 00 2D 00 38 00 34 00 39 00 62 00 2D 00 36 00 38 00 61 00 34 00 39 00 36
00 61 00 30 00 35 00 34 00 61 00 37 00 7D 00 00 00 00 00 00 00 00 00 01 00 00 00 28
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7A DA E1 AF 49 A9 51 40 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00
HKLM\SOFTWARE\Microsoft\Multimedia\Audio\Journal\Render: 53 00 57 00 44 00 5C 00 4D
00 4D 00 44 00 45 00 56 00 41 00 50 00 49 00 5C 00 7B 00 30 00 2E 00 30 00 2E 00 30
00 2E 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 7D 00 2E 00 7B 00 33 00 30
00 66 00 31 00 34 00 63 00 34 00 65 00 2D 00 31 00 36 00 63 00 39 00 2D 00 34 00 38
00 66 00 62 00 2D 00 38 00 34 00 39 00 62 00 2D 00 36 00 38 00 61 00 34 00 39 00 36
00 61 00 30 00 35 00 34 00 61 00 37 00 7D 00 00 00 00 00 00 00 00 00 01 00 00 00 2A
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5C C7 13 9C D5 07 52 40 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00
HKLM\SOFTWARE\Microsoft\Windows Defender\Reporting\SigUpdateTimestampsSinceLastHB:
"10/29/2023 12:39:54.754765800 UTC;"
HKLM\SOFTWARE\Microsoft\Windows Defender\Reporting\SigUpdateTimestampsSinceLastHB:
""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications\Data\
418A073AA3BC1C75: 63 02 00 00 00 00 00 00 04 00 04 00 01 00 05 00 01 01 00 00 02 12
F8 00 72 ED 81 01 A5 AD CF 00 C7 77 D7 00 DB B4 EF 00 78 01 02 00 00 00 00 7F 45 01
01 BF 1E 01 01 CF 2A 01 02 12 F8 00 02 99 66 00 02 BC 94 01 02 E6 38 01 03 81 22 01
04 5C 78 02 04 93 1A 01 05 61 0F 01 08 8D 42 01 09 2B BE 02 09 92 F8 00 09 A3 36 01
09 EF 7D 00 0C 35 84 00 0C E9 C2 00 0D 37 C6 00 0D 78 79 00 0D A1 81 00 0D BE 82 01
0D D3 F9 00 0E 01 3E 01 0E 96 3D 01 0E 9B 82 02 0E BA CD 00 0F 05 DE 00 10 96 86 00
11 42 C2 00 12 E5 F8 00 13 BC 94 01 13 E9 78 00 15 B6 25 01 15 CE EB 00 17 93 38 01
19 C0 E2 00 1A E8 EC 01 1A EB B9 02 1B 42 78 00 1B F6 BC 02 1C 95 5C 00 1C A7 21 01
1D 49 12 01 1E 25 A8 02 1E 8D 52 00 1F 4E A8 00 21 01 3E 01 23 40 B2 02 23 CC 4F 01
24 6B 46 01 24 AC C7 00 24 C2 A8 02 25 60 F8 00 25 BE 17 01 27 17 B6 02 27 69 12 01
27 DB 21 01 28 A1 1B 01 29 20 3B 01 29 CC 10 01 2A 0E 39 01 2A 68 A9 00 2A B7 22 01
2A C7 DE 00 2B 24 99 00 2B 2B C6 02 2C 3D 81 00 2C D8 42 01 2D 58 38 01 2D 72 FB 01 2D D8
F4 00 2E 80 1D 01 2F 95 46 01 30 20 B4 00 30 50 25 01 31 48 4F 00 32 57 A4 00 33 DF
5D 01 35 2C 5D 02 36 E9 D2 00 37 B5 92 02 3A 35 D8 00 3A 36 85 02 3A D6 72 02 3B CE
34 01 3C B3 52 00 3D 7F E6 00 3E A5 FA 00 3E D9 CC 01 40 56 F1 00 40 A5 6A 00 40 B0
2A 01 40 DE C8 02 41 A8 76 00 42 1D 0B 01 42 26 4A 00 42 B3 AE 00 43 AB 21 01 44 23
B9 02 44 B9 07 01 46 1D 0B 01 46 48 B6 00 46 79 D1 00 46 C2 21 01 48 F9 A6 00 49 EA
B7 00 4A 4C A7 02 4A AA 81 00 4C 41 B4 00 4C A7 70 00 4C B3 41 01 4C D6 85 02 4E 12
24 01 4E 9F F0 00 4E E7 C1 00 4F 14 C2 00 4F 34 28 01 50 C2 A7 02 50 EA 43 01 52 9D
41 02 52 9F 4A 01 52 A7 AA 00 54 7A 52 00 54 B7 DC 00 55 5F 2A 01 55 EA 73 02 56 4E
97 02 57 AD 12 01 58 0B D0 00 59 0F 1C 01 59 53 94 00 5A 5E B5 00 5C 74 65 01 5C F4
31 02 5D 44 B6 02 61 13 24 01 62 5A C6 01 63 96 77 00 63 9D C6 02 63 AC 9B 02 64 2F
AB 02 64 3A 97 02 64 81 C3 02 64 D4 19 01 65 30 54 01 65 A6 9E 00 67 57 A1 02
67 A1 80 02 6D 3E 43 01 6E F8 41 01 6F B3 11 01 70 2A 07 01 70 52 E2 01 70 D5 B5
02 71 05 28 01 71 40 A3 00 71 E3 72 00 72 3C 12 00 72 6E 4A 00 72 9B 37 01 72 A2 42
01 72 AE 87 02 72 ED 81 01 73 87 79 02 75 A3 7E 00 75 AB 0A 01 76 BC 21 01 77 F7 B8
02 78 EF 64 00 79 17 81 02 79 9C 39 00 7A E3 93 01 7B 45 D5 00 7B 9F EB 00 7B A8 D1
00 7E 10 44 01 7E FC B4 02 7F 88 CA 00 7F C1 A8 02 80 4C C3 02 81 06 95 00 81 77 78
02 82 27 73 00 82 58 68 01 83 06 1B 01 83 92 49 02 83 F1 60 00 84 4D 26 01 84 50 EB
00 84 E6 83 00 85 50 AE 00 85 A8 C3 02 87 6A 49 01 87 92 17 01 87 B1 4D 01 87 D7 21
01 87 F0 25 01 89 97 F5 00 8A 80 93 00 8A D3 00 02 8A FA E3 00 8B 4E 1D 01 8B 51 88
00 8B 9D A1 01 8B EE F2 00 8D E1 8F 02 8E 78 A2 00 8E 83 FD 01 8E D6 DC 01 8F 88 A2
02 8F EC 7C 02 90 48 1F 01 90 A6 A1 01 90 D5 D0 00 90 EE 37 01 91 23 D3 00 91 58 A4
02 93 86 61 00 93 CE 8C 01 94 90 A5 02 95 0B FE 00 95 9F 33 01 96 5D D2 00 97 6A B6
00 97 74 8D 00 98 72 46 01 99 FE F7 01 9A 29 C7 02 9B 20 D7 00 9B 2B DB 00 9B
4D 87 00 9C 47 41 01 9C 62 3A 01 9C A4 EB 00 9C E0 A8 00 9D 9D 92 00 9D A0 B0 02 9E
BB 0D 01 9F 3A AE 00 9F 91 92 01 A0 86 61 00 A0 CD 71 00 A1 89 C7 00 A2 05 06 00 A2
2E 1E 01 A3 B9 9D 02 A3 E7 15 01 A4 58 02 00 A5 AD CF 00 A6 1C A8 02 A6 44 A6 00 A6
95 1D 01 A7 B8 AD 00 A8 DE BE 02 A9 17 06 02 AB 36 AB 02 AC 54 F9 00 AD 73 BF 00 AD
D4 EC 00 B1 CE 98 00 B2 91 DD 00 B2 AA 21 01 B3 92 FB 00 B3 BF 2D 01 B4 F9 EA 00 B5
19 AA 02 B5 61 0D 01 B7 F0 02 02 B8 02 97 00 B8 34 38 01 B8 67 3B 01 B9 1A F3 00 B9
7D A7 02 B9 9E C9 01 BA F9 E9 00 BB 8E 8B 00 BC D2 2A 01 BD 38 8F 00 BD 53 98 00 BD
60 A9 02 BE 0C AC 00 BE 5A AA 02 BE 7E 45 01 BE 95 B4 02 BF 8E CE 00 C0 DB 49 01 C1
B2 AA 02 C2 0C 5B 02 C2 61 0B 01 C3 3E A3 00 C3 6D 81 00 C3 99 F3 00 C4 66 27 01 C5
35 C9 00 C7 5D D7 00 C7 77 D7 00 C9 26 2D 01 C9 2F B9 02 C9 38 97 00 C9 53 F1 00 CA
23 B7 00 CA 63 7F 00 CA 99 CE 00 CA DC 70 02 CB 27 AA 02 CB 74 DA 00 CC 49 56 00 CC
EF EF 00 CD AD 05 01 CF 67 69 01 D0 17 56 00 D1 9A 7B 00 D1 D2 A7 00 D3 82 61 00 D3 C7 AF 00 D4 32 99 02 D6 F6 DE 00 D8 D0 9E 02 D9 07 24 01 DA 38 C8 01 DB 26
D8 01 DC 6A 84 02 DC DC 7E 02 DD 1B 19 01 DF 1F 80 01 DF 5B B4 02 E0 3E E7 01 E1 7E
8C 00 E2 1B 56 00 E4 40 27 01 E4 48 97 02 E4 69 C9 00 E5 4C 27 01 E5 CE 9A 02 E6 3E
2B 0D E6 6C 81 00 E7 A4 D9 00 E8 80 3F 02 E8 9E FA 00 E8 E0 95 01 E9 8C 0A 01 EA 0C
A7 02 EC 5F CE 00 EC 8C 49 02 ED 41 B8 02 EF 79 8B 00 F0 E0 B6 00 F1 7D 5F 00 F2 B4
FA 00 F2 CF 99 02 F3 08 DB 00 F3 28 21 01 F3 3A 38 01 F3 DB C8 02 F4 A3 ED 00 F4 CC
3E 01 F5 50 0D 01 F5 57 2A 01 F7 12 5E 00 F7 DA AD 01 F7 E8 91 01 F7 ED 6A 00 F7 EE
45 01 F9 21 55 00 F9 77 8C 00 F9 BB 94 01 FB 08 06 01 FC 3A 47 01 FC E9 AE 02 FC FB
B9 02 FD 3F B8 02 FD B0 D9 00 FE 6E 7A 02 FF 34 00 02 FF 5C 5E 01 02 00 03 00 00 00
7D 98 C5 00 83 06 1B 01 C9 00 06 00 00 00 00 47 F1 00 01 91 40 01 01 CD 90 02 02 1C
41 01 02 35 4F 01 02 A4 15 01 02 BD 7E 00 04 92 1E 01 05 37 C6 00 05 A4 3C 01 06 D6
4D 01 09 5A A9 02 0A 29 D8 00 0B FF 5C 00 0C 77 1A 01 0C 81 40 01 0D 9A 03 01
0E 4D 7E 00 0F BA 9E 00 11 0F AA 00 11 7C 45 01 13 19 83 00 14 AA FD 00 15 40 28
01 15 9A DB 00 15 BC B7 01 18 1F 1B 01 19 C3 98 00 1A FA 99 00 1B 77 98 01 1F 01 B2
00 22 D3 89 00 24 6F 16 00 27 9B CE 00 27 A2 A2 00 28 8B B4 00 29 00 D8 00 2C 21 D7
00 2D B1 A3 00 2E 53 4C 01 32 55 1E 01 32 56 AE 00 32 D4 5F 01 34 BB EF 00 36 54 96
02 36 D8 41 01 37 22 C7 00 37 F8 1D 01 3A 0A 9E 02 3B DF 94 02 3D 0C 97 00 3D 5E 35
01 3F 1C EA 00 42 7F 7A 00 42 93 80 00 42 C4 6A 00 48 C6 F5 00 4B C8 36 01 4B DE 41
01 4C AF 71 00 4F 0B 45 01 50 8F C4 00 52 22 13 01 52 54 FE 00 52 8C 49 01 53 D8 8F
00 54 20 2B 01 56 B7 22 01 57 87 49 01 59 E5 D3 00 59 EA 60 01 5C C0 05 01 5C E1 7D
00 5D 4F 44 01 5D 82 51 01 5D B3 40 01 5E 42 C4 00 5F 6C 4A 01 5F 6C DC 00 60 AA 56
01 60 B9 41 01 61 F5 E3 00 61 FC 39 01 62 29 51 01 62 E7 97 02 63 3E 99 00 63 63 81
00 64 C9 26 01 67 68 A7 00 6B 01 10 01 6E 7B 8C 00 70 BF 19 01 70 E8 25 01 72 D8 36
01 73 D3 A7 00 74 C7 A4 02 76 41 8E 00 77 BB 2B 01 78 7F E1 00 79 2D 4F 01 7A
22 26 01 7C 22 B8 00 7C 78 A4 00 7E 86 DF 00 84 68 0B 01 88 93 A0 02 8A 40 9E 02 8A
D2 D2 00 8C 3B D3 00 8D 05 47 01 8F 06 43 01 8F 3C F3 00 91 67 C8 00 91 96 22 01 92
2F 93 02 92 82 71 00 92 83 51 01 92 C4 14 01 93 05 47 01 93 69 C7 00 96 39 0B 01 96
51 C7 02 99 46 64 01 9A C6 57 01 9B 56 A4 00 9C 40 27 01 9D 9F A0 00 9F 60 C3 00 9F
8F 6E 00 9F C8 CA 00 A0 B5 0A 01 A1 9D 2A 01 A1 D7 B3 00 A3 C4 E2 00 A3 F7 6A 00 A5
04 03 01 A5 22 A4 00 A5 8F 60 00 A6 38 DA 00 A7 C2 33 01 A9 B2 DB 00 AB 12 27 01 AB
78 3D 01 AB 86 30 01 AC 84 0E 01 AF EF C9 00 B0 75 5E 00 B1 B3 9F 02 B4 46 90 02 B4
89 22 01 B5 7A 48 01 B6 51 5D 00 B7 E2 BF 00 BA 14 65 00 BC B3 3A 01 BD C3 98 00 BF
F1 A9 00 C2 21 D1 00 C5 C0 05 01 C8 2B FC 00 C9 D7 CA 00 CF F4 2B 02 D0 40 27 01 D0
D3 22 01 D0 FE 62 00 D1 2A 52 01 D1 58 96 00 D3 30 1C 01 D3 83 4B 01 D6 8E FB 00 D6
B7 9A 00 D8 79 3D 01 D9 11 44 01 DA 19 D7 00 DC 30 D1 00 DD EB 26 01 DF A8 C6 01 DF
D5 22 01 DF D8 36 01 E0 F5 C8 01 E3 19 2F 01 E4 2C 4C 01 E6 19 9B 00 E6 B9 2B 01 E7 9B 3B 01 E8 A4 C6 01 E9 D1 F5 00 F0 0E 4E 01 F0 3A DD 00 F1 9F 43 01 F3 89
40 01 F4 06 28 01 F4 74 5E 00 F4 79 3D 01 F4 AD 7A 00 F4 C8 2F 01 F6 5F E4 01 F6 D9
EC 00 F7 D4 5F 01 F8 71 9A 00 FA 67 CB 00 01 00 07 00 00 00 E4 2C 4C 01 0C 00 40 01
00 00 02 12 F8 00 27 17 B6 02 2D D8 F4 00 4B 11 B4 00 7B A8 D1 00 8A FA E3 00 9F 27
FF 00 A5 AD CF 00 A6 95 1D 01 C7 77 D7 00 DB B4 EF 00 F4 A3 ED 00 03 00 41 01 00 00
2A B7 22 01 CD AD 05 01 DC DC 7E 02 03 00 42 01 00 00 27 69 12 01 5F 88 67 01 72 ED
81 01 01 00 43 01 00 00 C0 EC 7C 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications\Data\
418A073AA3BC1C75: 64 02 00 00 00 00 00 00 04 00 04 00 01 00 05 00 01 01 00 00 02 12
F8 00 72 ED 81 01 A5 AD CF 00 C7 77 D7 00 DB B4 EF 00 78 01 02 00 00 00 00 7F 45 01
01 BF 1E 01 01 CF 2A 01 02 12 F8 00 02 99 66 00 02 BC 94 01 02 E6 38 01 03 81 22 01
04 5C 78 02 04 93 1A 01 05 61 0F 01 08 8D 42 01 09 2B BE 02 09 92 F8 00 09 A3 36 01
09 EF 7D 00 0C 35 84 00 0C E9 C2 00 0D 37 C6 00 0D 78 79 00 0D A1 81 00 0D BE 82 01
0D D3 F9 00 0E 01 3E 01 0E 96 3D 01 0E 9B 82 02 0E BA CD 00 0F 05 DE 00 10 96 86 00
11 42 C2 00 12 E5 F8 00 13 BC 94 01 13 E9 78 00 15 B6 25 01 15 CE EB 00 17 93 38 01
19 C0 E2 00 1A E8 EC 01 1A EB B9 02 1B 42 78 00 1B F6 BC 02 1C 95 5C 00 1C A7 21 01
1D 49 12 01 1E 25 A8 02 1E 8D 52 00 1F 4E A8 00 21 01 3E 01 23 40 B2 02 23 CC 4F 01
24 6B 46 01 24 AC C7 00 24 C2 A8 02 25 60 F8 00 25 BE 17 01 27 17 B6 02 27 69 12 01
27 DB 21 01 28 A1 1B 01 29 20 3B 01 29 CC 10 01 2A 0E 39 01 2A 68 A9 00 2A B7 22 01
2A C7 DE 00 2B 24 99 00 2B 2B C6 02 2C 3D 81 00 2C D8 42 01 2D 58 38 01 2D 72 FB 01 2D D8
F4 00 2E 80 1D 01 2F 95 46 01 30 20 B4 00 30 50 25 01 31 48 4F 00 32 57 A4 00 33 DF
5D 01 35 2C 5D 02 36 E9 D2 00 37 B5 92 02 3A 35 D8 00 3A 36 85 02 3A D6 72 02 3B CE
34 01 3C B3 52 00 3D 7F E6 00 3E A5 FA 00 3E D9 CC 01 40 56 F1 00 40 A5 6A 00 40 B0
2A 01 40 DE C8 02 41 A8 76 00 42 1D 0B 01 42 26 4A 00 42 B3 AE 00 43 AB 21 01 44 23
B9 02 44 B9 07 01 46 1D 0B 01 46 48 B6 00 46 79 D1 00 46 C2 21 01 48 F9 A6 00 49 EA
B7 00 4A 4C A7 02 4A AA 81 00 4C 41 B4 00 4C A7 70 00 4C B3 41 01 4C D6 85 02 4E 12
24 01 4E 9F F0 00 4E E7 C1 00 4F 14 C2 00 4F 34 28 01 50 C2 A7 02 50 EA 43 01 52 9D
41 02 52 9F 4A 01 52 A7 AA 00 54 7A 52 00 54 B7 DC 00 55 5F 2A 01 55 EA 73 02 56 4E
97 02 57 AD 12 01 58 0B D0 00 59 0F 1C 01 59 53 94 00 5A 5E B5 00 5C 74 65 01 5C F4
31 02 5D 44 B6 02 61 13 24 01 62 5A C6 01 63 96 77 00 63 9D C6 02 63 AC 9B 02 64 2F
AB 02 64 3A 97 02 64 81 C3 02 64 D4 19 01 65 30 54 01 65 A6 9E 00 67 57 A1 02
67 A1 80 02 6D 3E 43 01 6E F8 41 01 6F B3 11 01 70 2A 07 01 70 52 E2 01 70 D5 B5
02 71 05 28 01 71 40 A3 00 71 E3 72 00 72 3C 12 00 72 6E 4A 00 72 9B 37 01 72 A2 42
01 72 AE 87 02 72 ED 81 01 73 87 79 02 75 A3 7E 00 75 AB 0A 01 76 BC 21 01 77 F7 B8
02 78 EF 64 00 79 17 81 02 79 9C 39 00 7A E3 93 01 7B 45 D5 00 7B 9F EB 00 7B A8 D1
00 7E 10 44 01 7E FC B4 02 7F 88 CA 00 7F C1 A8 02 80 4C C3 02 81 06 95 00 81 77 78
02 82 27 73 00 82 58 68 01 83 06 1B 01 83 92 49 02 83 F1 60 00 84 4D 26 01 84 50 EB
00 84 E6 83 00 85 50 AE 00 85 A8 C3 02 87 6A 49 01 87 92 17 01 87 B1 4D 01 87 D7 21
01 87 F0 25 01 89 97 F5 00 8A 80 93 00 8A D3 00 02 8A FA E3 00 8B 4E 1D 01 8B 51 88
00 8B 9D A1 01 8B EE F2 00 8D E1 8F 02 8E 78 A2 00 8E 83 FD 01 8E D6 DC 01 8F 88 A2
02 8F EC 7C 02 90 48 1F 01 90 A6 A1 01 90 D5 D0 00 90 EE 37 01 91 23 D3 00 91 58 A4
02 93 86 61 00 93 CE 8C 01 94 90 A5 02 95 0B FE 00 95 9F 33 01 96 5D D2 00 97 6A B6
00 97 74 8D 00 98 72 46 01 99 FE F7 01 9A 29 C7 02 9B 20 D7 00 9B 2B DB 00 9B
4D 87 00 9C 47 41 01 9C 62 3A 01 9C A4 EB 00 9C E0 A8 00 9D 9D 92 00 9D A0 B0 02 9E
BB 0D 01 9F 3A AE 00 9F 91 92 01 A0 86 61 00 A0 CD 71 00 A1 89 C7 00 A2 05 06 00 A2
2E 1E 01 A3 B9 9D 02 A3 E7 15 01 A4 58 02 00 A5 AD CF 00 A6 1C A8 02 A6 44 A6 00 A6
95 1D 01 A7 B8 AD 00 A8 DE BE 02 A9 17 06 02 AB 36 AB 02 AC 54 F9 00 AD 73 BF 00 AD
D4 EC 00 B1 CE 98 00 B2 91 DD 00 B2 AA 21 01 B3 92 FB 00 B3 BF 2D 01 B4 F9 EA 00 B5
19 AA 02 B5 61 0D 01 B7 F0 02 02 B8 02 97 00 B8 34 38 01 B8 67 3B 01 B9 1A F3 00 B9
7D A7 02 B9 9E C9 01 BA F9 E9 00 BB 8E 8B 00 BC D2 2A 01 BD 38 8F 00 BD 53 98 00 BD
60 A9 02 BE 0C AC 00 BE 5A AA 02 BE 7E 45 01 BE 95 B4 02 BF 8E CE 00 C0 DB 49 01 C1
B2 AA 02 C2 0C 5B 02 C2 61 0B 01 C3 3E A3 00 C3 6D 81 00 C3 99 F3 00 C4 66 27 01 C5
35 C9 00 C7 5D D7 00 C7 77 D7 00 C9 26 2D 01 C9 2F B9 02 C9 38 97 00 C9 53 F1 00 CA
23 B7 00 CA 63 7F 00 CA 99 CE 00 CA DC 70 02 CB 27 AA 02 CB 74 DA 00 CC 49 56 00 CC
EF EF 00 CD AD 05 01 CF 67 69 01 D0 17 56 00 D1 9A 7B 00 D1 D2 A7 00 D3 82 61 00 D3 C7 AF 00 D4 32 99 02 D6 F6 DE 00 D8 D0 9E 02 D9 07 24 01 DA 38 C8 01 DB 26
D8 01 DC 6A 84 02 DC DC 7E 02 DD 1B 19 01 DF 1F 80 01 DF 5B B4 02 E0 3E E7 01 E1 7E
8C 00 E2 1B 56 00 E4 40 27 01 E4 48 97 02 E4 69 C9 00 E5 4C 27 01 E5 CE 9A 02 E6 3E
2B 0D E6 6C 81 00 E7 A4 D9 00 E8 80 3F 02 E8 9E FA 00 E8 E0 95 01 E9 8C 0A 01 EA 0C
A7 02 EC 5F CE 00 EC 8C 49 02 ED 41 B8 02 EF 79 8B 00 F0 E0 B6 00 F1 7D 5F 00 F2 B4
FA 00 F2 CF 99 02 F3 08 DB 00 F3 28 21 01 F3 3A 38 01 F3 DB C8 02 F4 A3 ED 00 F4 CC
3E 01 F5 50 0D 01 F5 57 2A 01 F7 12 5E 00 F7 DA AD 01 F7 E8 91 01 F7 ED 6A 00 F7 EE
45 01 F9 21 55 00 F9 77 8C 00 F9 BB 94 01 FB 08 06 01 FC 3A 47 01 FC E9 AE 02 FC FB
B9 02 FD 3F B8 02 FD B0 D9 00 FE 6E 7A 02 FF 34 00 02 FF 5C 5E 01 02 00 03 00 00 00
7D 98 C5 00 83 06 1B 01 CA 00 06 00 00 00 00 47 F1 00 01 91 40 01 01 CD 90 02 02 1C
41 01 02 35 4F 01 02 A4 15 01 02 BD 7E 00 04 92 1E 01 05 37 C6 00 05 A4 3C 01 06 D6
4D 01 09 5A A9 02 0A 29 D8 00 0B FF 5C 00 0C 77 1A 01 0C 81 40 01 0D 9A 03 01
0E 4D 7E 00 0F BA 9E 00 11 0F AA 00 11 7C 45 01 13 19 83 00 14 AA FD 00 15 40 28
01 15 9A DB 00 15 BC B7 01 18 1F 1B 01 19 C3 98 00 1A FA 99 00 1B 77 98 01 1F 01 B2
00 22 D3 89 00 24 6F 16 00 27 9B CE 00 27 A2 A2 00 28 8B B4 00 29 00 D8 00 2C 21 D7
00 2D B1 A3 00 2E 53 4C 01 32 55 1E 01 32 56 AE 00 32 D4 5F 01 34 BB EF 00 36 54 96
02 36 D8 41 01 37 22 C7 00 37 F8 1D 01 3A 0A 9E 02 3B DF 94 02 3D 0C 97 00 3D 5E 35
01 3F 1C EA 00 42 7F 7A 00 42 93 80 00 42 C4 6A 00 48 C6 F5 00 4B C8 36 01 4B DE 41
01 4C AF 71 00 4F 0B 45 01 50 8F C4 00 52 22 13 01 52 54 FE 00 52 8C 49 01 53 D8 8F
00 54 20 2B 01 56 B7 22 01 57 87 49 01 59 E5 D3 00 59 EA 60 01 5C C0 05 01 5C E1 7D
00 5D 4F 44 01 5D 82 51 01 5D B3 40 01 5E 42 C4 00 5F 6C 4A 01 5F 6C DC 00 60 AA 56
01 60 B9 41 01 61 F5 E3 00 61 FC 39 01 62 29 51 01 62 E7 97 02 63 3E 99 00 63 63 81
00 64 C9 26 01 67 68 A7 00 6B 01 10 01 6E 7B 8C 00 70 BF 19 01 70 E8 25 01 72 D8 36
01 73 D3 A7 00 74 C7 A4 02 76 41 8E 00 77 BB 2B 01 78 7F E1 00 79 2D 4F 01 7A
22 26 01 7C 22 B8 00 7C 78 A4 00 7E 86 DF 00 84 68 0B 01 88 93 A0 02 8A 40 9E 02 8A
D2 D2 00 8C 3B D3 00 8D 05 47 01 8F 06 43 01 8F 3C F3 00 91 67 C8 00 91 96 22 01 92
2F 93 02 92 82 71 00 92 83 51 01 92 C4 14 01 93 05 47 01 93 69 C7 00 96 39 0B 01 96
51 C7 02 99 46 64 01 9A C6 57 01 9B 56 A4 00 9C 40 27 01 9D 9F A0 00 9F 60 C3 00 9F
8F 6E 00 9F C8 CA 00 A0 B5 0A 01 A1 9D 2A 01 A1 D7 B3 00 A3 C4 E2 00 A3 F7 6A 00 A5
04 03 01 A5 22 A4 00 A5 8F 60 00 A6 38 DA 00 A7 C2 33 01 A9 B2 DB 00 AB 12 27 01 AB
78 3D 01 AB 86 30 01 AC 84 0E 01 AF EF C9 00 B0 75 5E 00 B1 B3 9F 02 B4 46 90 02 B4
89 22 01 B5 7A 48 01 B6 51 5D 00 B7 E2 BF 00 BA 14 65 00 BC B3 3A 01 BD C3 98 00 BF
F1 A9 00 C2 21 D1 00 C5 C0 05 01 C8 2B FC 00 C9 D7 CA 00 CF F4 2B 02 D0 40 27 01 D0
D3 22 01 D0 FE 62 00 D1 2A 52 01 D1 58 96 00 D3 30 1C 01 D3 83 4B 01 D6 8E FB 00 D6
B7 9A 00 D8 79 3D 01 D9 11 44 01 DA 19 D7 00 DC 30 D1 00 DD EB 26 01 DF A8 C6 01 DF
D5 22 01 DF D8 36 01 E0 F5 C8 01 E3 19 2F 01 E4 2C 4C 01 E6 19 9B 00 E6 B9 2B 01 E7 9B 3B 01 E8 A4 C6 01 E9 D1 F5 00 F0 0E 4E 01 F0 3A DD 00 F1 9F 43 01 F3 89
40 01 F4 06 28 01 F4 74 5E 00 F4 79 3D 01 F4 AD 7A 00 F4 C8 2F 01 F6 5F E4 01 F6 D9
EC 00 F7 D4 5F 01 F8 71 9A 00 FA 67 CB 00 FE 5B FE 00 01 00 07 00 00 00 E4 2C 4C 01
0C 00 40 01 00 00 02 12 F8 00 27 17 B6 02 2D D8 F4 00 4B 11 B4 00 7B A8 D1 00 8A FA
E3 00 9F 27 FF 00 A5 AD CF 00 A6 95 1D 01 C7 77 D7 00 DB B4 EF 00 F4 A3 ED 00 03 00
41 01 00 00 2A B7 22 01 CD AD 05 01 DC DC 7E 02 03 00 42 01 00 00 27 69 12 01 5F 88
67 01 72 ED 81 01 01 00 43 01 00 00 C0 EC 7C 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications\Data\
418A073AA3BC3475: 90 02 00 00 00 00 00 00 04 00 04 00 01 02 04 00 00 00 00 00 03 00
00 00 6B 50 7E 00 03 00 00 00 90 A6 A1 01 F1 00 00 00 A1 9F 5E 00 03 00 00 00 DB B4
EF 00 05 00 01 00 00 00 03 00 00 00 00 7D 75 00 03 00 00 00 18 7D C7 00 9E 00 00 00
56 73 7D 00 0A 00 00 00 6B 50 7E 00 0A 00 00 00 E6 C5 31 00 01 00 05 00 00 00 05 00
00 00 9F C8 CA 00 02 00 64 00 00 00 04 00 00 00 42 1D 0B 01 08 00 00 00 46 1D 0B 01
06 00 65 00 00 00 05 00 00 00 1C 95 5C 00 19 00 00 00 65 A6 9E 00 09 00 00 00 77 9B
93 00 42 00 00 00 A2 05 06 00 F0 34 00 00 E6 C5 31 00 BA 00 00 00 F0 E0 B6 00 03 00
66 00 00 00 47 00 00 00 65 A6 9E 00 09 00 00 00 77 9B 93 00 17 00 00 00 A2 05 06 00
01 00 67 00 00 00 15 00 00 00 A2 05 06 00 01 00 68 00 00 00 1B 00 00 00 A2 05 06 00
01 00 69 00 00 00 34 06 00 00 65 A6 9E 00 01 00 6B 00 00 00 08 00 00 00 65 A6 9E 00
01 00 70 00 00 00 02 00 00 00 65 A6 9E 00 01 00 72 00 00 00 5C 01 00 00 A2 05 06 00
01 00 73 00 00 00 18 00 00 00 65 A6 9E 00 01 00 77 00 00 00 08 00 00 00 65 A6 9E 00 01 00
78 00 00 00 08 00 00 00 65 A6 9E 00 01 00 7D 00 00 00 19 00 00 00 65 A6 9E 00 01 00
7F 00 00 00 24 00 00 00 65 A6 9E 00 01 00 81 00 00 00 12 00 00 00 65 A6 9E 00 01 00
97 00 00 00 0C 00 00 00 BE B3 EF 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications\Data\
418A073AA3BC3475: 92 02 00 00 00 00 00 00 04 00 04 00 01 02 04 00 00 00 00 00 03 00
00 00 6B 50 7E 00 03 00 00 00 90 A6 A1 01 F5 00 00 00 A1 9F 5E 00 03 00 00 00 DB B4
EF 00 05 00 01 00 00 00 03 00 00 00 00 7D 75 00 03 00 00 00 18 7D C7 00 9E 00 00 00
56 73 7D 00 0A 00 00 00 6B 50 7E 00 0A 00 00 00 E6 C5 31 00 01 00 05 00 00 00 05 00
00 00 9F C8 CA 00 02 00 64 00 00 00 04 00 00 00 42 1D 0B 01 08 00 00 00 46 1D 0B 01
06 00 65 00 00 00 05 00 00 00 1C 95 5C 00 19 00 00 00 65 A6 9E 00 09 00 00 00 77 9B
93 00 4D 00 00 00 A2 05 06 00 F0 34 00 00 E6 C5 31 00 31 01 00 00 F0 E0 B6 00 03 00
66 00 00 00 4B 00 00 00 65 A6 9E 00 09 00 00 00 77 9B 93 00 17 00 00 00 A2 05 06 00
01 00 67 00 00 00 20 00 00 00 A2 05 06 00 01 00 68 00 00 00 26 00 00 00 A2 05 06 00
01 00 69 00 00 00 4F 08 00 00 65 A6 9E 00 01 00 6B 00 00 00 08 00 00 00 65 A6 9E 00
01 00 70 00 00 00 02 00 00 00 65 A6 9E 00 01 00 72 00 00 00 5C 01 00 00 A2 05 06 00
01 00 73 00 00 00 34 00 00 00 65 A6 9E 00 01 00 77 00 00 00 08 00 00 00 65 A6 9E 00 01 00
78 00 00 00 08 00 00 00 65 A6 9E 00 01 00 7D 00 00 00 35 00 00 00 65 A6 9E 00 01 00
7F 00 00 00 40 00 00 00 65 A6 9E 00 01 00 81 00 00 00 12 00 00 00 65 A6 9E 00 01 00
97 00 00 00 0C 00 00 00 BE B3 EF 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\
{9ECD9F35-130A-4C0C-A551-9D3335B165D7}\DynamicInfo: 03 00 00 00 48 E6 A2 E6 11 09
DA 01 6E 3A 56 90 D8 09 DA 01 00 00 00 00 00 00 00 00 16 15 65 90 D8 09 DA 01
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\
{9ECD9F35-130A-4C0C-A551-9D3335B165D7}\DynamicInfo: 03 00 00 00 48 E6 A2 E6 11 09
DA 01 C4 6E 37 6A 69 0A DA 01 00 00 00 00 00 00 00 00 5F 12 67 6A 69 0A DA 01
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\
{A08D6A77-C926-4E78-9ED0-09836E2769AE}\DynamicInfo: 03 00 00 00 5A 3D A8 E6 11 09
DA 01 B3 7D 16 BE 64 0A DA 01 00 00 00 00 00 00 00 00 CC 4D 2B BF 64 0A DA 01
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\
{A08D6A77-C926-4E78-9ED0-09836E2769AE}\DynamicInfo: 03 00 00 00 5A 3D A8 E6 11 09
DA 01 33 C1 B4 66 69 0A DA 01 00 00 00 00 00 00 00 00 D5 CD 0C 67 69 0A DA 01
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\
{A2FFCE6E-7F06-494A-8C84-6EFCAEB075BB}\DynamicInfo: 03 00 00 00 97 90 23 E4 11 09
DA 01 49 B9 53 90 D8 09 DA 01 00 00 00 00 00 00 00 00 BB C9 5B 90 D8 09 DA 01
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\
{A2FFCE6E-7F06-494A-8C84-6EFCAEB075BB}\DynamicInfo: 03 00 00 00 97 90 23 E4 11 09
DA 01 2A 78 87 69 69 0A DA 01 00 00 00 00 00 00 00 00 75 93 3E 6A 69 0A DA 01
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileService\References\S-1-5-21-581052034-401398733-1099558730-1000\RefCount: 04 00 00 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileService\References\S-1-5-21-581052034-401398733-1099558730-1000\RefCount: 05 00 00 00
HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-581052034-401398733-1099558730-1000\SequenceNumber: 0x00000008
HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-581052034-401398733-1099558730-1000\SequenceNumber: 0x0000000A
HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-581052034-
401398733-1099558730-1000\\Device\HarddiskVolume1\Program Files (x86)\Microsoft\
Edge\Application\msedge.exe: DE 16 B0 4E 69 0A DA 01 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00
HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-581052034-
401398733-1099558730-1000\\Device\HarddiskVolume1\Program Files (x86)\Microsoft\
Edge\Application\msedge.exe: 5B 64 52 81 69 0A DA 01 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00
HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-581052034-
401398733-1099558730-1000\\Device\HarddiskVolume1\Users\tony\Downloads\
Malware_Investigations_Assignment_1_2023.exe: 27 B5 5F 8F 64 0A DA 01 00 00 00 00
00 00 00 00 00 00 00 00 02 00 00 00
HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-581052034-
401398733-1099558730-1000\\Device\HarddiskVolume1\Users\tony\Downloads\
Malware_Investigations_Assignment_1_2023.exe: 62 D2 B6 8F 69 0A DA 01 00 00 00 00
00 00 00 00 00 00 00 00 02 00 00 00
HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-581052034-
401398733-1099558730-1000\\Device\HarddiskVolume1\Windows\SysWOW64\
WindowsPowerShell\v1.0\powershell.exe: 85 A5 28 8F 64 0A DA 01 00 00 00 00 00 00 00
00 00 00 00 00 02 00 00 00
HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-581052034-
401398733-1099558730-1000\\Device\HarddiskVolume1\Windows\SysWOW64\
WindowsPowerShell\v1.0\powershell.exe: C1 63 07 90 69 0A DA 01 00 00 00 00 00 00 00
00 00 00 00 00 02 00 00 00
HKLM\SYSTEM\ControlSet001\Services\BITS\Start: 0x00000002
HKLM\SYSTEM\ControlSet001\Services\BITS\Start: 0x00000003
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x000001C3
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x000001C4
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch2\Epoch: 0x0000000E
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch2\Epoch: 0x0000000F
HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-581052034-401398733-1099558730-1000\SequenceNumber: 0x00000008
HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-581052034-401398733-1099558730-1000\SequenceNumber: 0x0000000A
HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-581052034-
401398733-1099558730-1000\\Device\HarddiskVolume1\Program Files (x86)\Microsoft\
Edge\Application\msedge.exe: DE 16 B0 4E 69 0A DA 01 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-581052034-
401398733-1099558730-1000\\Device\HarddiskVolume1\Program Files (x86)\Microsoft\
Edge\Application\msedge.exe: 5B 64 52 81 69 0A DA 01 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-581052034-
401398733-1099558730-1000\\Device\HarddiskVolume1\Users\tony\Downloads\
Malware_Investigations_Assignment_1_2023.exe: 27 B5 5F 8F 64 0A DA 01 00 00 00 00
00 00 00 00 00 00 00 00 02 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-581052034-
401398733-1099558730-1000\\Device\HarddiskVolume1\Users\tony\Downloads\
Malware_Investigations_Assignment_1_2023.exe: 62 D2 B6 8F 69 0A DA 01 00 00 00 00
00 00 00 00 00 00 00 00 02 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-581052034-
401398733-1099558730-1000\\Device\HarddiskVolume1\Windows\SysWOW64\
WindowsPowerShell\v1.0\powershell.exe: 85 A5 28 8F 64 0A DA 01 00 00 00 00 00 00 00
00 00 00 00 00 02 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-581052034-
401398733-1099558730-1000\\Device\HarddiskVolume1\Windows\SysWOW64\
WindowsPowerShell\v1.0\powershell.exe: C1 63 07 90 69 0A DA 01 00 00 00 00 00 00 00
00 00 00 00 00 02 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x000001C3
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x000001C4
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2\Epoch: 0x0000000E
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2\Epoch: 0x0000000F
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\
CPUpct: "0.013007"
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\
CPUpct: "0.000000"
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\
MemoryUsageKB: 0x0000000000000FD4
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\
MemoryUsageKB: 0x0000000000000FFC
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\ActivityDataModel\ReaderRevisionInfo\932D7491-E8E7-8C34-F05E-
DE2774786DE5: 31 00 38 00 30 00 7B 0A 20 20 20 22 44 61 74 61 62 61 73 65 49 6E 73
74 61 6E 63 65 49 64 22 20 3A 20 33 36 33 39 35 2C 0A 20 20 20 22 53 65 71 75 65 6E
63 65 22 20 3A 20 36 38 34 2C 0A 20 20 20 22 61 63 74 69 76 69 74 79 53 74 6F 72 65
49 64 22 20 3A 20 22 39 33 32 44 37 34 39 31 2D 45 38 45 37 2D 38 43 33 34 2D 46 30
35 45 2D 44 45 32 37 37 34 37 38 36 44 45 35 22 2C 0A 20 20 20 22 66 69 6C 74 65 72
22 20 3A 20 7B 0A 20 20 20 20 20 20 22 69 73 52 65 61 64 46 69 6C 74 65 72 22 20 3A
20 30 2C 0A 20 20 20 20 20 20 22 6F 72 69 67 69 6E 46 69 6C 74 65 72 4B 65 79 22 20
3A 20 30 2C 0A 20 20 20 20 20 20 22 73 74 61 74 65 46 69 6C 74 65 72 4B 65 79 22 20
3A 20 30 2C 0A 20 20 20 20 20 20 22 75 73 65 72 41 63 74 69 6F 6E 53 74 61 74 65 46
69 6C 74 65 72 22 20 3A 20 30 0A 20 20 20 7D 0A 7D 0A 00 00
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\ActivityDataModel\ReaderRevisionInfo\932D7491-E8E7-8C34-F05E-
DE2774786DE5: 31 00 38 00 30 00 7B 0A 20 20 20 22 44 61 74 61 62 61 73 65 49 6E 73
74 61 6E 63 65 49 64 22 20 3A 20 33 36 33 39 35 2C 0A 20 20 20 22 53 65 71 75 65 6E
63 65 22 20 3A 20 37 30 32 2C 0A 20 20 20 22 61 63 74 69 76 69 74 79 53 74 6F 72 65
49 64 22 20 3A 20 22 39 33 32 44 37 34 39 31 2D 45 38 45 37 2D 38 43 33 34 2D 46 30
35 45 2D 44 45 32 37 37 34 37 38 36 44 45 35 22 2C 0A 20 20 20 22 66 69 6C 74 65 72
22 20 3A 20 7B 0A 20 20 20 20 20 20 22 69 73 52 65 61 64 46 69 6C 74 65 72 22 20 3A
20 30 2C 0A 20 20 20 20 20 20 22 6F 72 69 67 69 6E 46 69 6C 74 65 72 4B 65 79 22 20
3A 20 30 2C 0A 20 20 20 20 20 20 22 73 74 61 74 65 46 69 6C 74 65 72 4B 65 79 22 20
3A 20 30 2C 0A 20 20 20 20 20 20 22 75 73 65 72 41 63 74 69 6F 6E 53 74 61 74 65 46
69 6C 74 65 72 22 20 3A 20 30 0A 20 20 20 7D 0A 7D 0A 00 00
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\FeatureUsage\AppSwitched\C:\Tools\Regshot-x64-Unicode\
Regshot-x64-Unicode.exe: 0x00000006
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\FeatureUsage\AppSwitched\C:\Tools\Regshot-x64-Unicode\
Regshot-x64-Unicode.exe: 0x00000007
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\
HRZR_PGYFRFFVBA:
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\
HRZR_PGYFRFFVBA:
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\
Zvpebfbsg.Jvaqbjf.Rkcybere: 00 00 00 00 0D 00 00 00 1E 00 00 00 C6 50 09 00 00 00
80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00
80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF C0 BC 5A 67 67 0A DA 01 00 00 00 00
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\
Zvpebfbsg.Jvaqbjf.Rkcybere: 00 00 00 00 0D 00 00 00 20 00 00 00 7A 89 09 00 00 00
80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00
80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF C0 BC 5A 67 67 0A DA 01 00 00 00 00
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\
Hfref\gbal\Qbjaybnqf\Znyjner_Vairfgvtngvbaf_Nffvtazrag_1_2023.rkr: 00 00 00 00 01
00 00 00 02 00 00 00 CF 21 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00
00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 90
43 F5 82 64 0A DA 01 00 00 00 00
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\
Hfref\gbal\Qbjaybnqf\Znyjner_Vairfgvtngvbaf_Nffvtazrag_1_2023.rkr: 00 00 00 00 02
00 00 00 04 00 00 00 5C 3C 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00
00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 50
C5 1D 87 69 0A DA 01 00 00 00 00
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\
{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\JvaqbjfCbjreFuryy\i1.0\cbjrefuryy.rkr: 00 00
00 00 00 00 00 00 01 00 00 00 A3 0C 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00
80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF
FF FF 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\
{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\JvaqbjfCbjreFuryy\i1.0\cbjrefuryy.rkr: 00 00
00 00 00 00 00 00 02 00 00 00 C7 13 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00
80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF
FF FF 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\
Gbbyf\Ertfubg-k64-Havpbqr\Ertfubg-k64-Havpbqr.rkr: 00 00 00 00 04 00 00 00 09 00 00
00 40 17 0A 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80
BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 70 41 3E 34 69 0A DA
01 00 00 00 00
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\
Gbbyf\Ertfubg-k64-Havpbqr\Ertfubg-k64-Havpbqr.rkr: 00 00 00 00 04 00 00 00 0A 00 00
00 6D B8 0B 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80
BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 70 41 3E 34 69 0A DA
01 00 00 00 00
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\tony\
Downloads\Malware_Investigations_Assignment_1_2023.exe: 53 41 43 50 01 00 00 00 00
00 00 00 07 00 00 00 28 00 00 00 00 56 09 00 00 00 00 00 01 00 00 00 00 00 00 00 00
00 00 0A 71 20 00 00 50 BB 64 ED DD AC D5 01 00 00 00 00 00 00 00 00 05 00 00 00 10
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 28 00 00 00 00
00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D2 40 00 00 00
00 00 00 01 00 00 00 01 00 00 00
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\tony\
Downloads\Malware_Investigations_Assignment_1_2023.exe: 53 41 43 50 01 00 00 00 00
00 00 00 07 00 00 00 28 00 00 00 00 56 09 00 00 00 00 00 01 00 00 00 00 00 00 00 00
00 00 0A 71 20 00 00 50 BB 64 ED DD AC D5 01 00 00 00 00 00 00 00 00 05 00 00 00 10
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 28 00 00 00 00
00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D2 40 00 00 00
00 00 00 02 00 00 00 02 00 00 00
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Classes\Local Settings\
Software\Microsoft\Windows\Shell\BagMRU\MRUListEx: 03 00 00 00 00 00 00 00 02 00 00
00 01 00 00 00 FF FF FF FF
HKU\S-1-5-21-581052034-401398733-1099558730-1000\SOFTWARE\Classes\Local Settings\
Software\Microsoft\Windows\Shell\BagMRU\MRUListEx: 00 00 00 00 03 00 00 00 02 00 00
00 01 00 00 00 FF FF FF FF
HKU\S-1-5-21-581052034-401398733-1099558730-1000_Classes\Local Settings\Software\
Microsoft\Windows\Shell\BagMRU\MRUListEx: 03 00 00 00 00 00 00 00 02 00 00 00 01 00
00 00 FF FF FF FF
HKU\S-1-5-21-581052034-401398733-1099558730-1000_Classes\Local Settings\Software\
Microsoft\Windows\Shell\BagMRU\MRUListEx: 00 00 00 00 03 00 00 00 02 00 00 00 01 00
00 00 FF FF FF FF

----------------------------------
Files added: 1
----------------------------------
C:\Users\tony\Desktop\PS_Transcripts\20231029\
PowerShell_transcript.WINDOWS10.2v7OiHHA.20231029131219.txt
2023-10-29 13:12:26, 0x00000020, 3872

----------------------------------
Files [attributes?] modified: 21
----------------------------------
C:\haikuhider.zip
2023-10-29 12:36:24, 0x00000020, 543
2023-10-29 13:12:17, 0x00000020, 543
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
2023-10-29 13:01:16, 0x00002020, 8192
2023-10-29 13:11:50, 0x00002020, 8192
C:\ProgramData\Microsoft\Network\Downloader\edb.log
2023-10-29 13:01:15, 0x00002020, 1310720
2023-10-29 13:11:50, 0x00002020, 1310720
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
2023-10-29 13:09:33, 0x00002220, 1572864
2023-10-29 13:11:50, 0x00002220, 1572864
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
2023-10-29 13:01:15, 0x00002020, 16384
2023-10-29 13:11:50, 0x00002020, 16384
C:\Users\All Users\Microsoft\Network\Downloader\edb.chk
2023-10-29 13:01:16, 0x00002020, 8192
2023-10-29 13:11:50, 0x00002020, 8192
C:\Users\All Users\Microsoft\Network\Downloader\edb.log
2023-10-29 13:01:15, 0x00002020, 1310720
2023-10-29 13:11:50, 0x00002020, 1310720
C:\Users\All Users\Microsoft\Network\Downloader\qmgr.db
2023-10-29 13:09:33, 0x00002220, 1572864
2023-10-29 13:11:50, 0x00002220, 1572864
C:\Users\All Users\Microsoft\Network\Downloader\qmgr.jfm
2023-10-29 13:01:15, 0x00002020, 16384
2023-10-29 13:11:50, 0x00002020, 16384
C:\Users\tony\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\
LOG
2023-10-29 13:08:36, 0x00000020, 329
2023-10-29 13:11:31, 0x00000020, 329
C:\Users\tony\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\
LOG.old
2023-10-29 13:07:35, 0x00000020, 329
2023-10-29 13:08:36, 0x00000020, 329
C:\Users\tony\AppData\Local\Microsoft\Edge\User Data\Default\uu_host_config
2023-10-29 13:00:07, 0x00000020, 403024
2023-10-29 13:11:32, 0x00000020, 403024
C:\Users\tony\ntuser.dat.LOG1
2023-10-27 12:23:49, 0x00000026, 53248
2023-10-27 12:23:49, 0x00000026, 212992
C:\Users\tony\Pictures\part_2.txt
2023-10-29 12:36:24, 0x00000020, 25
2023-10-29 13:12:17, 0x00000020, 25
C:\Windows\bootstat.dat
2023-10-29 13:10:31, 0x00000024, 67584
2023-10-29 13:12:31, 0x00000024, 67584
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2
2023-10-27 20:12:09, 0x00000026, 106496
2023-10-27 20:12:09, 0x00000026, 118784
C:\Windows\ServiceState\EventLog\Data\lastalive0.dat
2023-10-29 13:10:27, 0x00000026, 2048
2023-10-29 13:12:27, 0x00000026, 2048
C:\Windows\ServiceState\EventLog\Data\lastalive1.dat
2023-10-29 13:09:27, 0x00000026, 2048
2023-10-29 13:13:27, 0x00000026, 2048
C:\Windows\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Operational.evtx
2023-10-29 12:37:28, 0x00000020, 15732736
2023-10-29 13:13:20, 0x00000020, 15732736
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender
%4Operational.evtx
2023-10-29 12:56:31, 0x00000020, 1118208
2023-10-29 13:13:20, 0x00000020, 1118208
C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx
2023-10-29 12:43:05, 0x00000020, 2166784
2023-10-29 13:13:20, 0x00000020, 2166784

----------------------------------
Total changes: 58
----------------------------------
