Created
November 12, 2014 02:16
-
-
Save gadgetmg/0f30416c1659fd00db0e to your computer and use it in GitHub Desktop.
ChefDK Windows 8.1 aeinv.dll activity loop
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 9:09:23.6832880 PM rundll32.exe 7560 CreateFile C:\ SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened | |
| 9:09:23.6833170 PM rundll32.exe 7560 QueryDirectory C:\opscode SUCCESS Filter: opscode, 1: opscode | |
| 9:09:23.6833454 PM rundll32.exe 7560 CloseFile C:\ SUCCESS | |
| 9:09:23.6834414 PM rundll32.exe 7560 CreateFile C:\opscode SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened | |
| 9:09:23.6834794 PM rundll32.exe 7560 QueryDirectory C:\opscode\chefdk SUCCESS Filter: chefdk, 1: chefdk | |
| 9:09:23.6835138 PM rundll32.exe 7560 CloseFile C:\opscode SUCCESS | |
| 9:09:23.6836418 PM rundll32.exe 7560 CreateFile C:\opscode\chefdk SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened | |
| 9:09:23.6836774 PM rundll32.exe 7560 QueryDirectory C:\opscode\chefdk\embedded SUCCESS Filter: embedded, 1: embedded | |
| 9:09:23.6837028 PM rundll32.exe 7560 CloseFile C:\opscode\chefdk SUCCESS | |
| 9:09:23.6837909 PM rundll32.exe 7560 CreateFile C:\opscode\chefdk\embedded SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened | |
| 9:09:23.6838187 PM rundll32.exe 7560 QueryDirectory C:\opscode\chefdk\embedded\lib SUCCESS Filter: lib, 1: lib | |
| 9:09:23.6838434 PM rundll32.exe 7560 CloseFile C:\opscode\chefdk\embedded SUCCESS | |
| 9:09:23.6839533 PM rundll32.exe 7560 CreateFile C:\opscode\chefdk\embedded\lib SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened | |
| 9:09:23.6839805 PM rundll32.exe 7560 QueryDirectory C:\opscode\chefdk\embedded\lib\perl5 SUCCESS Filter: perl5, 1: perl5 | |
| 9:09:23.6840040 PM rundll32.exe 7560 CloseFile C:\opscode\chefdk\embedded\lib SUCCESS | |
| 9:09:23.6840892 PM rundll32.exe 7560 CreateFile C:\opscode\chefdk\embedded\lib\perl5 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened | |
| 9:09:23.6841157 PM rundll32.exe 7560 QueryDirectory C:\opscode\chefdk\embedded\lib\perl5\5.8 SUCCESS Filter: 5.8, 1: 5.8 | |
| 9:09:23.6841387 PM rundll32.exe 7560 CloseFile C:\opscode\chefdk\embedded\lib\perl5 SUCCESS | |
| 9:09:23.6842214 PM rundll32.exe 7560 CreateFile C:\opscode\chefdk\embedded\lib\perl5\5.8 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened | |
| 9:09:23.6842479 PM rundll32.exe 7560 QueryDirectory C:\opscode\chefdk\embedded\lib\perl5\5.8\msys SUCCESS Filter: msys, 1: msys | |
| 9:09:23.6842727 PM rundll32.exe 7560 CloseFile C:\opscode\chefdk\embedded\lib\perl5\5.8 SUCCESS | |
| 9:09:23.6843578 PM rundll32.exe 7560 CreateFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened | |
| 9:09:23.6843844 PM rundll32.exe 7560 QueryDirectory C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto SUCCESS Filter: auto, 1: auto | |
| 9:09:23.6844079 PM rundll32.exe 7560 CloseFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys SUCCESS | |
| 9:09:23.6844906 PM rundll32.exe 7560 CreateFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened | |
| 9:09:23.6845160 PM rundll32.exe 7560 QueryDirectory C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable SUCCESS Filter: Storable, 1: Storable | |
| 9:09:23.6845389 PM rundll32.exe 7560 CloseFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto SUCCESS | |
| 9:09:23.6845854 PM rundll32.exe 7560 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 | |
| 9:09:23.6846011 PM rundll32.exe 7560 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E18E55A8E4CDB93418F5A5B1C9A2EDB3\InstallProperties SUCCESS Desired Access: Read | |
| 9:09:23.6846247 PM rundll32.exe 7560 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E18E55A8E4CDB93418F5A5B1C9A2EDB3\InstallProperties\LocalPackage SUCCESS Type: REG_SZ, Length: 66, Data: C:\Windows\Installer\ad3d9f9.msi | |
| 9:09:23.6846573 PM rundll32.exe 7560 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E18E55A8E4CDB93418F5A5B1C9A2EDB3\InstallProperties SUCCESS | |
| 9:09:23.6846772 PM rundll32.exe 7560 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 | |
| 9:09:23.6846995 PM rundll32.exe 7560 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E18E55A8E4CDB93418F5A5B1C9A2EDB3\InstallProperties SUCCESS Desired Access: Read | |
| 9:09:23.6847146 PM rundll32.exe 7560 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E18E55A8E4CDB93418F5A5B1C9A2EDB3\InstallProperties\LocalPackage SUCCESS Type: REG_SZ, Length: 66, Data: C:\Windows\Installer\ad3d9f9.msi | |
| 9:09:23.6847273 PM rundll32.exe 7560 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E18E55A8E4CDB93418F5A5B1C9A2EDB3\InstallProperties SUCCESS | |
| 9:09:24.8091306 PM rundll32.exe 7560 CreateFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable\lock_retrieve.al SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened | |
| 9:09:24.8091662 PM rundll32.exe 7560 QueryBasicInformationFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable\lock_retrieve.al SUCCESS CreationTime: 10/2/2014 4:09:12 PM, LastAccessTime: 11/2/2014 1:54:43 PM, LastWriteTime: 10/2/2014 4:09:12 PM, ChangeTime: 11/2/2014 1:54:43 PM, FileAttributes: A | |
| 9:09:24.8091831 PM rundll32.exe 7560 CloseFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable\lock_retrieve.al SUCCESS | |
| 9:09:24.8093479 PM rundll32.exe 7560 CreateFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable\lock_retrieve.al SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened | |
| 9:09:24.8093733 PM rundll32.exe 7560 QueryBasicInformationFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable\lock_retrieve.al SUCCESS CreationTime: 10/2/2014 4:09:12 PM, LastAccessTime: 11/2/2014 1:54:43 PM, LastWriteTime: 10/2/2014 4:09:12 PM, ChangeTime: 11/2/2014 1:54:43 PM, FileAttributes: A | |
| 9:09:24.8093884 PM rundll32.exe 7560 CloseFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable\lock_retrieve.al SUCCESS | |
| 9:09:24.8094964 PM rundll32.exe 7560 CreateFile C:\Windows\WinSxS\FileMaps\opscode_chefdk_embedded_lib_perl5_5.8_msys_auto_storable_b27017102f677ee7.cdf-ms NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, AllocationSize: n/a | |
| 9:09:24.8095393 PM rundll32.exe 7560 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 | |
| 9:09:24.8095568 PM rundll32.exe 7560 RegOpenKey HKLM\software\microsoft\windows\currentversion\setup\PnpLockdownFiles SUCCESS Desired Access: Read | |
| 9:09:24.8095786 PM rundll32.exe 7560 RegQueryKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles SUCCESS Query: HandleTags, HandleTags: 0x0 | |
| 9:09:24.8095912 PM rundll32.exe 7560 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%/opscode/chefdk/embedded/lib/perl5/5.8/msys/auto/Storable/lock_retrieve.al NAME NOT FOUND Desired Access: Read | |
| 9:09:24.8096232 PM rundll32.exe 7560 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles SUCCESS | |
| 9:09:24.8096655 PM rundll32.exe 7560 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 | |
| 9:09:24.8096890 PM rundll32.exe 7560 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed NAME NOT FOUND Desired Access: Read | |
| 9:09:24.8097029 PM rundll32.exe 7560 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 | |
| 9:09:24.8097204 PM rundll32.exe 7560 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData SUCCESS Desired Access: Read | |
| 9:09:24.8097434 PM rundll32.exe 7560 RegQueryKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData SUCCESS Query: HandleTags, HandleTags: 0x0 | |
| 9:09:24.8097554 PM rundll32.exe 7560 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 SUCCESS Desired Access: Maximum Allowed, Granted Access: All Access | |
| 9:09:24.8097675 PM rundll32.exe 7560 RegQueryKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 SUCCESS Query: HandleTags, HandleTags: 0x0 | |
| 9:09:24.8097790 PM rundll32.exe 7560 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components SUCCESS Desired Access: Read | |
| 9:09:24.8097905 PM rundll32.exe 7560 RegQueryKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components SUCCESS Query: HandleTags, HandleTags: 0x0 | |
| 9:09:24.8098019 PM rundll32.exe 7560 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF90D0F62D767134FAC47F930717429E SUCCESS Desired Access: Maximum Allowed, Granted Access: All Access | |
| 9:09:24.8098243 PM rundll32.exe 7560 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF90D0F62D767134FAC47F930717429E\e18e55a8e4cdb93418f5a5b1c9a2edb3 BUFFER OVERFLOW Length: 144 | |
| 9:09:24.8098351 PM rundll32.exe 7560 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF90D0F62D767134FAC47F930717429E\e18e55a8e4cdb93418f5a5b1c9a2edb3 SUCCESS Type: REG_SZ, Length: 148, Data: C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable\lock_store.al | |
| 9:09:24.8099873 PM rundll32.exe 7560 CreateFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable\lock_store.al SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened | |
| 9:09:24.8103815 PM rundll32.exe 7560 QueryNetworkOpenInformationFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable\lock_store.al SUCCESS CreationTime: 10/2/2014 4:09:12 PM, LastAccessTime: 11/2/2014 1:54:43 PM, LastWriteTime: 10/2/2014 4:09:12 PM, ChangeTime: 11/2/2014 1:54:43 PM, AllocationSize: 424, EndOfFile: 418, FileAttributes: A | |
| 9:09:24.8103984 PM rundll32.exe 7560 CloseFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable\lock_store.al SUCCESS | |
| 9:09:24.8104382 PM rundll32.exe 7560 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components SUCCESS | |
| 9:09:24.8104485 PM rundll32.exe 7560 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF90D0F62D767134FAC47F930717429E SUCCESS | |
| 9:09:24.8104582 PM rundll32.exe 7560 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 SUCCESS | |
| 9:09:24.8104654 PM rundll32.exe 7560 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData SUCCESS | |
| 9:09:24.8106429 PM rundll32.exe 7560 CreateFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened | |
| 9:09:24.8106803 PM rundll32.exe 7560 QueryBasicInformationFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable SUCCESS CreationTime: 11/2/2014 1:53:16 PM, LastAccessTime: 11/2/2014 1:56:04 PM, LastWriteTime: 11/2/2014 1:56:04 PM, ChangeTime: 11/2/2014 1:56:04 PM, FileAttributes: D | |
| 9:09:24.8106960 PM rundll32.exe 7560 CloseFile C:\opscode\chefdk\embedded\lib\perl5\5.8\msys\auto\Storable SUCCESS |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment