| 1 |
"2007-11-05 16:36:48.205","process","created","992","C:\WINDOWS\system32\svchost.exe","2012","C:\WINDOWS\system32\wbem\wmiadap.exe" |
|---|
| 2 |
"2007-11-05 16:36:50.18","registry","DeleteValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","HKLM\SOFTWARE\Microsoft\WBEM\WDM","WMIBinaryMofResource.HighDateTime=29653437,LowDateTime=3891003648,Name="C:\\WINDOWS\\system32\\advapi32.dll[MofResourceName]"","REG_NONE","" |
|---|
| 3 |
"2007-11-05 16:36:56.581","registry","SetValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","HKLM\SOFTWARE\Microsoft\WBEM\WDM","C:\WINDOWS\system32\advapi32.dll[MofResourceName]","REG_SZ","LowDateTime:-2044225280,HighDateTime:29653429***Binary mof compiled successfully" |
|---|
| 4 |
"2007-11-05 16:37:04.347","registry","DeleteValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","\REG","WMIBinaryMofResource.HighDateTime=29653422,LowDateTime=2875513088,Name="C:\\WINDOWS\\System32\\DRIVERS\\ACPI.sys[ACPIMOFResource]"","REG_NONE","" |
|---|
| 5 |
"2007-11-05 16:37:04.691","registry","SetValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","HKLM\SOFTWARE\Microsoft\WBEM\WDM","C:\WINDOWS\System32\DRIVERS\ACPI.sys[ACPIMOFResource]","REG_SZ","LowDateTime:1235251456,HighDateTime:29653414***Binary mof compiled successfully" |
|---|
| 6 |
"2007-11-05 16:37:04.831","registry","DeleteValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","\REG","WMIBinaryMofResource.HighDateTime=29653447,LowDateTime=3591330688,Name="C:\\WINDOWS\\System32\\DRIVERS\\mssmbios.sys[MofResource]"","REG_NONE","" |
|---|
| 7 |
"2007-11-05 16:37:04.894","registry","SetValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","HKLM\SOFTWARE\Microsoft\WBEM\WDM","C:\WINDOWS\System32\DRIVERS\mssmbios.sys[MofResource]","REG_SZ","LowDateTime:1951069056,HighDateTime:29653439***Binary mof compiled successfully" |
|---|
| 8 |
"2007-11-05 16:37:04.972","registry","DeleteValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","\REGIS","WMIBinaryMofResource.HighDateTime=29653446,LowDateTime=2806297984,Name="C:\\WINDOWS\\System32\\DRIVERS\\intelppm.sys[PROCESSORWMI]"","REG_NONE","" |
|---|
| 9 |
"2007-11-05 16:37:05.581","registry","SetValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","HKLM\SOFTWARE\Microsoft\WBEM\WDM","C:\WINDOWS\System32\DRIVERS\intelppm.sys[PROCESSORWMI]","REG_SZ","LowDateTime:1166036352,HighDateTime:29653438***Binary mof compiled successfully" |
|---|
| 10 |
"2007-11-05 16:37:05.988","registry","DeleteValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","\REGISTRY\","WMIBinaryMofResource.HighDateTime=29435636,LowDateTime=863039744,Name="C:\\WINDOWS\\System32\\DRIVERS\\pcntpci5.sys[NdisMofResource]"","REG_NONE","" |
|---|
| 11 |
"2007-11-05 16:37:06.66","registry","SetValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","HKLM\SOFTWARE\Microsoft\WBEM\WDM","C:\WINDOWS\System32\DRIVERS\pcntpci5.sys[NdisMofResource]","REG_SZ","LowDateTime:-777221888,HighDateTime:29435627***Binary mof compiled successfully" |
|---|
| 12 |
"2007-11-05 16:37:06.175","registry","DeleteValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","\REGISTR","WMIBinaryMofResource.HighDateTime=29653422,LowDateTime=1215513088,Name="C:\\WINDOWS\\System32\\DRIVERS\\ipnat.sys[IPNATMofResource]"","REG_NONE","" |
|---|
| 13 |
"2007-11-05 16:37:06.269","registry","SetValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","HKLM\SOFTWARE\Microsoft\WBEM\WDM","C:\WINDOWS\System32\DRIVERS\ipnat.sys[IPNATMofResource]","REG_SZ","LowDateTime:-424748544,HighDateTime:29653413***Binary mof compiled successfully" |
|---|
| 14 |
"2007-11-05 16:37:06.378","registry","DeleteValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","","WMIBinaryMofResource.HighDateTime=29666671,LowDateTime=3283808384,Name="C:\\WINDOWS\\System32\\Drivers\\HTTP.sys[UlMofResource]"","REG_NONE","" |
|---|
| 15 |
"2007-11-05 16:37:06.581","registry","SetValueKey","112","C:\WINDOWS\system32\wbem\wmiprvse.exe","HKLM\SOFTWARE\Microsoft\WBEM\WDM","C:\WINDOWS\System32\Drivers\HTTP.sys[UlMofResource]","REG_SZ","LowDateTime:1643546752,HighDateTime:29666663***Binary mof compiled successfully" |
|---|
| 16 |
"2007-11-05 16:37:14.785","file","Delete","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","C:\WINDOWS\system32\wbem\Performance\WmiApRpl.h" |
|---|
| 17 |
"2007-11-05 16:37:29.567","registry","SetValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib","Updating","REG_SZ","WmiApRpl" |
|---|
| 18 |
"2007-11-05 16:37:29.551","file","Delete","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","C:\WINDOWS\system32\wbem\Performance\WmiApRpl.ini" |
|---|
| 19 |
"2007-11-05 16:37:29.739","registry","SetValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib","Last Counter","REG_DWORD","fda" |
|---|
| 20 |
"2007-11-05 16:37:29.739","registry","SetValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib","Last Help","REG_DWORD","fdb" |
|---|
| 21 |
"2007-11-05 16:37:29.739","registry","DeleteValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","First Counter","REG_NONE","" |
|---|
| 22 |
"2007-11-05 16:37:29.739","registry","DeleteValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","Last Counter","REG_NONE","" |
|---|
| 23 |
"2007-11-05 16:37:29.739","registry","DeleteValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","First Help","REG_NONE","" |
|---|
| 24 |
"2007-11-05 16:37:29.739","registry","DeleteValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","Last Help","REG_NONE","" |
|---|
| 25 |
"2007-11-05 16:37:29.739","registry","DeleteValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","Object List","REG_NONE","" |
|---|
| 26 |
"2007-11-05 16:37:29.739","registry","DeleteValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","Library Validation Code","REG_NONE","" |
|---|
| 27 |
"2007-11-05 16:37:29.739","registry","DeleteValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib","Updating","REG_NONE","" |
|---|
| 28 |
"2007-11-05 16:37:29.739","registry","DeleteValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","First Counter","REG_NONE","" |
|---|
| 29 |
"2007-11-05 16:37:29.739","registry","DeleteValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","First Help","REG_NONE","" |
|---|
| 30 |
"2007-11-05 16:37:29.739","registry","DeleteValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","Last Counter","REG_NONE","" |
|---|
| 31 |
"2007-11-05 16:37:29.739","registry","DeleteValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","Last Help","REG_NONE","" |
|---|
| 32 |
"2007-11-05 16:37:29.770","registry","SetValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib","Updating","REG_SZ","WmiApRpl" |
|---|
| 33 |
"2007-11-05 16:37:33.708","file","Delete","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","C:\WINDOWS\system32\PerfStringBackup.TMP" |
|---|
| 34 |
"2007-11-05 16:37:34.895","registry","SetValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib","Last Counter","REG_DWORD","fe8" |
|---|
| 35 |
"2007-11-05 16:37:34.895","registry","SetValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib","Last Help","REG_DWORD","fe9" |
|---|
| 36 |
"2007-11-05 16:37:34.895","registry","SetValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","Last Counter","REG_DWORD","fe8" |
|---|
| 37 |
"2007-11-05 16:37:34.895","registry","SetValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","Last Help","REG_DWORD","fe9" |
|---|
| 38 |
"2007-11-05 16:37:34.895","registry","SetValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","First Counter","REG_DWORD","fdc" |
|---|
| 39 |
"2007-11-05 16:37:34.895","registry","SetValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","First Help","REG_DWORD","fdd" |
|---|
| 40 |
"2007-11-05 16:37:34.895","registry","SetValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","Object List","REG_SZ","4060 4066" |
|---|
| 41 |
"2007-11-05 16:37:34.895","registry","DeleteValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance","Disable Performance Counters","REG_NONE","" |
|---|
| 42 |
"2007-11-05 16:37:34.895","registry","DeleteValueKey","2012","C:\WINDOWS\system32\wbem\wmiadap.exe","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib","Updating","REG_NONE","" |
|---|
| 43 |
"2007-11-05 16:37:40.333","process","terminated","992","C:\WINDOWS\system32\svchost.exe","2012","C:\WINDOWS\system32\wbem\wmiadap.exe" |
|---|
| 44 |
"2007-11-06 13:59:53.124","process","created","1340","C:\WINDOWS\explorer.exe","1032","C:\WINDOWS\system32\taskmgr.exe" |
|---|
