[reg] Total=18 [cmd] numSections=18 1=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 1 Total=23 2=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 2 3=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 3 4=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 4 5=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 5 6=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 6 7=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 7 8=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 8 9=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 9 10=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 10 11=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 11 12=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 12 13=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 13 14=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 14 15=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 15 16=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 16 17=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 17 18=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 18 19=SERVICE_BASED VERB_SERVICE_STATE OBJ_SERVICE dom_miner 20=CUSTOM_BASED VERB_RESTART_SYSTEM OBJ_OS 0 21=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 7 22=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 9 23=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 10 [1] hive=HKLM type=REG_EXPAND_SZ redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner\Parameters param=Application data=\u0043\u003A\u005C\u0055\u0073\u0065\u0072\u0073\u005C\u0041\u0064\u006D\u0069\u006E\u0069\u0073\u0074\u0072\u0061\u0074\u006F\u0072\u005C\u0064\u006F\u006D\u005C\u0064\u006F\u006D\u002E\u0065\u0078\u0065 dataDecoded=C:\Users\Administrator\dom\dom.exe hash=3CBA1CAF [2] hive=HKLM type=REG_EXPAND_SZ redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner\Parameters param=AppParameters data= dataDecoded= hash=00000000 [3] hive=HKLM type=REG_EXPAND_SZ redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner\Parameters param=AppDirectory data=\u0043\u003A\u005C\u0055\u0073\u0065\u0072\u0073\u005C\u0041\u0064\u006D\u0069\u006E\u0069\u0073\u0074\u0072\u0061\u0074\u006F\u0072\u005C\u0064\u006F\u006D dataDecoded=C:\Users\Administrator\dom hash=7AA51417 [4] hive=HKLM type=REG_DWORD redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner\Parameters param=AppPriority data=16384 dataDecoded=16384 hash=9F25D2D1 [5] hive=HKLM type=REG_EXPAND_SZ redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner\Parameters param=AppStdout data=\u0043\u003A\u005C\u0055\u0073\u0065\u0072\u0073\u005C\u0041\u0064\u006D\u0069\u006E\u0069\u0073\u0074\u0072\u0061\u0074\u006F\u0072\u005C\u0064\u006F\u006D\u005C\u0073\u0074\u0064\u006F\u0075\u0074 dataDecoded=C:\Users\Administrator\dom\stdout hash=85CCF5E6 [6] hive=HKLM type=REG_EXPAND_SZ redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner\Parameters param=AppStderr data=\u0043\u003A\u005C\u0055\u0073\u0065\u0072\u0073\u005C\u0041\u0064\u006D\u0069\u006E\u0069\u0073\u0074\u0072\u0061\u0074\u006F\u0072\u005C\u0064\u006F\u006D\u005C\u0073\u0074\u0064\u0065\u0072\u0072 dataDecoded=C:\Users\Administrator\dom\stderr hash=AE367E17 [7] hive=HKLM type=REG_SZ redir=0 empty=-1 DateM=2024/06/18 15:50:31 SD=O:BAG:S-1-5-21-3339660976-4175652973-1130352044-513D:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;CIIOID;GA;;;CO)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681) key=System\CurrentControlSet\Services\dom_miner\Parameters param= data= dataDecoded= hash=00000000 [8] hive=HKLM type=REG_SZ redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner\Parameters\AppExit param= data=\u0052\u0065\u0073\u0074\u0061\u0072\u0074 dataDecoded=Restart hash=991ED169 [9] hive=HKLM type=REG_SZ redir=0 empty=0 DateM=2024/06/18 15:50:27 SD=O:BAG:S-1-5-21-3339660976-4175652973-1130352044-513D:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;CIIOID;GA;;;CO)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681) key=System\CurrentControlSet\Services\dom_miner\Parameters\AppExit param= data=\u0052\u0065\u0073\u0074\u0061\u0072\u0074 dataDecoded=Restart hash=991ED169 [10] hive=HKLM type=REG_SZ redir=0 empty=-1 DateM=2024/06/18 15:50:27 SD=O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;CIIOID;GA;;;CO)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681) key=System\CurrentControlSet\Services\dom_miner param= data= dataDecoded= hash=00000000 [11] hive=HKLM type=REG_DWORD redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner param=Type data=16 dataDecoded=16 hash=483E80D4 [12] hive=HKLM type=REG_DWORD redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner param=Start data=2 dataDecoded=2 hash=1AD5BE0D [13] hive=HKLM type=REG_DWORD redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner param=ErrorControl data=1 dataDecoded=1 hash=83DCEFB7 [14] hive=HKLM type=REG_EXPAND_SZ redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner param=ImagePath data=\u0043\u003A\u005C\u0055\u0073\u0065\u0072\u0073\u005C\u0041\u0064\u006D\u0069\u006E\u0069\u0073\u0074\u0072\u0061\u0074\u006F\u0072\u005C\u0064\u006F\u006D\u005C\u0064\u0073\u006D\u002E\u0065\u0078\u0065 dataDecoded=C:\Users\Administrator\dom\dsm.exe hash=1EF2FB23 [15] hive=HKLM type=REG_SZ redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner param=DisplayName data=\u0064\u006F\u006D\u005F\u006D\u0069\u006E\u0065\u0072 dataDecoded=dom_miner hash=8CB6DD83 [16] hive=HKLM type=REG_SZ redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner param=ObjectName data=\u004C\u006F\u0063\u0061\u006C\u0053\u0079\u0073\u0074\u0065\u006D dataDecoded=LocalSystem hash=63F2F08C [17] hive=HKLM type=REG_DWORD redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner param=DelayedAutostart data=0 dataDecoded=0 hash=F4DBDF21 [18] hive=HKLM type=REG_DWORD redir=0 empty=0 key=System\CurrentControlSet\Services\dom_miner param=FailureActionsOnNonCrashFailures data=1 dataDecoded=1 hash=83DCEFB7