Full Analysis Report of regedit.exe

Summary:

  • Summary of the findings

      No. What's been found Severity

Technical details:

  • General

    • User : \\TEST-R7CHD9Q826\Administrator
    • Application type : Windows application
    • Priority : Normal
    • Size : 133120
    • Path : C:\WINDOWS\regedit.exe
    • Command : "C:\WINDOWS\regedit.exe"
    • MD5: f9294c39a7aa9779a53e609b2d10e518
    • SHA1: 3c72d5a7b6a0431cdbb0b1154bbc95a93342667a
    • Alias

      • Version details

        • Company : Microsoft Corporation
        • File version : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
        • Product version : 5.2.3790.1830
        • Description : Registry Editor
        • Product name : Microsoft(R) Windows(R) Operating System
        • Legal copyright : (C) Microsoft Corporation. All rights reserved.
        • Internal name : REGEDIT
      • File times

        • Creation time : Tuesday, April 05, 2005 - 20:00:00
        • Modification time : Tuesday, April 05, 2005 - 20:00:00
        • Last access time : Wednesday, December 03, 2014 - 16:39:39
      • Process times

        • Start time : 16:39:39
        • Exit time : 16:39:40
        • Kernel time : 0.093750 (s)
        • User time : 0.015625 (s)
      • IO counters

        • Read operation : 11
        • Write operation : 11
        • Other operation : 697
        • Read transfer : 1012
        • Write transfer : 1276
        • Other transfer : 8048
      • Memory details

        • Page fault count : 1137
        • Page file usage : 0
        • Peak page file usage : 1613824
        • Peak working set size : 4157440
        • Quota non paged pool usage : 0
        • Quota paged pool usage : 0
        • Quota peak non paged pool usage : 2560
        • Quota peak paged pool usage : 70724
        • Working set size : 28672
      • Process privileges

        • SeChangeNotifyPrivilege
        • SeSecurityPrivilege
        • SeBackupPrivilege
        • SeRestorePrivilege
        • SeSystemtimePrivilege
        • SeShutdownPrivilege
        • SeRemoteShutdownPrivilege
        • SeTakeOwnershipPrivilege
        • SeDebugPrivilege
        • SeSystemEnvironmentPrivilege
        • SeSystemProfilePrivilege
        • SeProfileSingleProcessPrivilege
        • SeIncreaseBasePriorityPrivilege
        • SeLoadDriverPrivilege
        • SeCreatePagefilePrivilege
        • SeIncreaseQuotaPrivilege
        • SeUndockPrivilege
        • SeManageVolumePrivilege
        • SeImpersonatePrivilege
        • SeCreateGlobalPrivilege
    • Events statistics

        Event Count
        SetValueKey 1
        Process Create 1
        Process Exit 1
        Thread Create 1
        Thread Exit 1
        Load Image 28
    • Modules

        Index Name Path Load Address Image Size Entry Point Version Size Company Description
        1 ntdll.dll %System%\ntdll.dll 0x7C930000 0xD2000 0x00000000 5.2.3790.3290 (srv03_sp1_gdr.090203-1205) 841216 Microsoft Corporation NT Layer DLL
        2 KERNEL32.dll %System%\kernel32.dll 0x7C800000 0x12C000 0x7C825FB4 5.2.3790.3311 (srv03_sp1_gdr.090321-1245) 1206784 Microsoft Corporation Windows NT BASE API Client DLL
        3 msvcrt.dll %System%\msvcrt.dll 0x77B70000 0x5A000 0x77B7F78B 7.0.3790.1830 (srv03_sp1_rtm.050324-1447) 348672 Microsoft Corporation Windows NT CRT DLL
        4 ADVAPI32.dll %System%\advapi32.dll 0x77F30000 0xAC000 0x77F4DFCD 5.2.3790.3290 (srv03_sp1_gdr.090203-1205) 686592 Microsoft Corporation Advanced Windows 32 Base API
        5 RPCRT4.dll %System%\rpcrt4.dll 0x77C20000 0x9F000 0x77C45061 5.2.3790.2971 (srv03_sp1_gdr.070709-2334) 642560 Microsoft Corporation Remote Procedure Call Runtime
        6 GDI32.dll %System%\gdi32.dll 0x77BD0000 0x49000 0x77BDB23E 5.2.3790.3233 (srv03_sp1_gdr.081022-1216) 286208 Microsoft Corporation GDI Client DLL
        7 USER32.dll %System%\user32.dll 0x77E10000 0x91000 0x77E1947C 5.2.3790.2892 (srv03_sp1_gdr.070301-0030) 584192 Microsoft Corporation Windows USER API Client DLL
        8 Comctl32.dll %Windir%\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.1830_x-ww_7AE38CCF\comctl32.dll 0x77CD0000 0x103000 0x77D5A81E 6.0 (srv03_sp1_rtm.050324-1447) 1051136 Microsoft Corporation User Experience Controls Library
        9 SHLWAPI.dll %System%\shlwapi.dll 0x77EB0000 0x52000 0x77ED86F9 6.00.3790.3304 (srv03_sp1_gdr.090303-1204) 320512 Microsoft Corporation Shell Light-weight Utility Library
        10 comdlg32.dll %System%\comdlg32.dll 0x761A0000 0x48000 0x761AB5E5 6.00.3790.1830 (srv03_sp1_rtm.050324-1447) 273920 Microsoft Corporation Common Dialogs DLL
        11 shell32.dll %System%\shell32.dll 0x7CA10000 0x7E1000 0x7CA90660 6.00.3790.3158 (srv03_sp1_gdr.080617-1231) 8242176 Microsoft Corporation Windows Shell Common Dll
        12 AUTHZ.dll %System%\authz.dll 0x76BA0000 0x14000 0x76BA11FA 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 68096 Microsoft Corporation Authorization Framework
        13 ACLUI.dll %System%\aclui.dll 0x714C0000 0x1C000 0x714D10F6 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 100352 Microsoft Corporation Security Descriptor Editor
        14 ole32.dll %System%\ole32.dll 0x774B0000 0x134000 0x774F5C37 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 1244672 Microsoft Corporation Microsoft OLE for Windows
        15 OLEAUT32.dll %System%\oleaut32.dll 0x775F0000 0x8C000 0x775F3F9B 5.2.3790.3057 557568 Microsoft Corporation
        16 ulib.dll %System%\ulib.dll 0x71EB0000 0x5C000 0x71EC08D4 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 370176 Microsoft Corporation File Utilities Support DLL
        17 clb.dll %System%\clb.dll 0x6EFA0000 0x6000 0x6EFA20A2 5.2.3790.0 (srv03_rtm.030324-2048) 11776 Microsoft Corporation Column List Box
        18 IMM32.DLL %System%\imm32.dll 0x76180000 0x1D000 0x761812D0 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 110592 Microsoft Corporation Windows IMM32 API Client DLL
        19 LPK.DLL %System%\lpk.dll 0x63090000 0x9000 0x63092EB2 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 22016 Microsoft Corporation Language Pack
        20 USP10.dll %System%\usp10.dll 0x74AE0000 0x61000 0x74B189AC 1.0422.3790.1830 (srv03_sp1_rtm.050324-1447) 364032 Microsoft Corporation Uniscribe Unicode script processor
        21 MSCTF.dll %System%\MSCTF.dll 0x4B210000 0x51000 0x4B2113EE 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 317440 Microsoft Corporation MSCTF Server DLL
        22 apphelp.dll %System%\apphelp.dll 0x75D60000 0x27000 0x75D61239 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 150016 Microsoft Corporation Application Compatibility Client Library
        23 msctfime.ime %System%\MSCTFIME.IME 0x4C510000 0x2E000 0x4C529F5D 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 177152 Microsoft Corporation Microsoft Text Frame Work Service IME
        24 UxTheme.dll %System%\uxtheme.dll 0x71AD0000 0x35000 0x71AD21E7 6.00.3790.1830 (srv03_sp1_rtm.050324-1447) 204800 Microsoft Corporation Microsoft UxTheme Library
    • File system modifications

    • Memory modifications

    • Registry modifications

      • The following Registry value was modified:

        • H = 9
    • Network activity

    • How to protect yourself in the future

    This report was created with Ax3soft Scout.