psloglist64.exe
- File Path: C:\SysinternalsSuite\psloglist64.exe
- Description: local and remote event log viewer
Hashes
| Type | Hash |
|---|---|
| MD5 | E25ADD3F10FDC894E4C1F889350DC290 |
| SHA1 | 1A52602E07992108FDAD676B32FA9F0320A0F5A1 |
| SHA256 | E2587DD0AA50D75B545E2100FB2BAB0B0607FF7E87B264339C7FB695B8572342 |
| SHA384 | C0A64ABBB73BABCBB36B0E8285226F0B9FB287982943EF47290EAEB5484FF9456307134C33278626242CDC6C13A90FE3 |
| SHA512 | E45C725A1FDA86E5ADFCCE5DBE798518EF0E522D62FA091BE6DA91FE8E1A9D69557B1A76B8C774DF87C74C768BA113708D159A6B7EC76BF1D1715DF2CC2E0F41 |
| SSDEEP | 12288:SATs5RWN8i3ltemEyHxHjJ24E/AerdLMHtmIoeg/n:vTmRWairemEyHxHjJ24aRLmmIoek |
| IMP | EB7D3355DD5AC332785FB5885BE8162E |
| PESHA1 | D8583BEF899FA0E67F0286CC91BD129FA81F6B4A |
| PE256 | D7EA114DD59B4701938E07F7E11511B8BCB2FA6DDF7853B2D330BF64B8796450 |
Runtime Data
Usage (stdout):
PsLoglist v2.81 - local and remote event log viewer
Copyright (C) 2000-2019 Mark Russinovich
Sysinternals - www.sysinternals.com
System log on \\37AACD8D-548A-4:
[513] Microsoft-Windows-Kernel-General
Type: INFORMATION
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:52 AM ID: 16
User: NT AUTHORITY\SYSTEM
Message text not available. Insertion strings:
49 \??\C:\Windows\AppCompat\Programs\Amcache.hve.tmp 0 0
[512] Service Control Manager
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:47 AM ID: 7000
The PORTMON service failed to start due to the following error:
%%1275
[511] Application Popup
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:47 AM ID: 1060
Message text not available. Insertion strings:
? \??\C:\SysinternalsSuite\PORTMSYS.SYS
[510] Application Popup
Type: INFORMATION
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:47 AM ID: 26
Message text not available. Insertion strings:
? \??\C:\SysinternalsSuite\PORTMSYS.SYS failed to load
[509] Service Control Manager
Type: INFORMATION
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:47 AM ID: 7045
User: 37AACD8D-548A-4\user
A service was installed in the system.
Service Name: PORTMON
Service File Name: C:\SysinternalsSuite\PORTMSYS.SYS
Service Type: kernel mode driver
Service Start Type: demand start
Service Account: ?
[508] Service Control Manager
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:44 AM ID: 7000
The PORTMON service failed to start due to the following error:
%%1275
[507] Application Popup
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:44 AM ID: 1060
Message text not available. Insertion strings:
? \??\C:\SysinternalsSuite\PORTMSYS.SYS
[506] Application Popup
Type: INFORMATION
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:44 AM ID: 26
Message text not available. Insertion strings:
? \??\C:\SysinternalsSuite\PORTMSYS.SYS failed to load
[505] Service Control Manager
Type: INFORMATION
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:44 AM ID: 7045
User: 37AACD8D-548A-4\user
A service was installed in the system.
Service Name: PORTMON
Service File Name: C:\SysinternalsSuite\PORTMSYS.SYS
Service Type: kernel mode driver
Service Start Type: demand start
Service Account: ?
[504] Service Control Manager
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:42 AM ID: 7000
The PORTMON service failed to start due to the following error:
%%1275
[503] Application Popup
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:42 AM ID: 1060
Message text not available. Insertion strings:
? \??\C:\SysinternalsSuite\PORTMSYS.SYS
[502] Application Popup
Type: INFORMATION
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:42 AM ID: 26
Message text not available. Insertion strings:
? \??\C:\SysinternalsSuite\PORTMSYS.SYS failed to load
[501] Service Control Manager
Type: INFORMATION
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:42 AM ID: 7045
User: 37AACD8D-548A-4\user
A service was installed in the system.
Service Name: PORTMON
Service File Name: C:\SysinternalsSuite\PORTMSYS.SYS
Service Type: kernel mode driver
Service Start Type: demand start
Service Account: ?
[500] Application Popup
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:27 AM ID: 1060
Message text not available. Insertion strings:
? \??\C:\Windows\SysWow64\Drivers\PAGEDFRG.SYS
[499] Application Popup
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:25 AM ID: 1060
Message text not available. Insertion strings:
? \??\C:\Windows\SysWow64\Drivers\PAGEDFRG.SYS
[498] Application Popup
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:22 AM ID: 1060
Message text not available. Insertion strings:
? \??\C:\Windows\SysWow64\Drivers\PAGEDFRG.SYS
[497] Application Popup
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:20 AM ID: 1060
Message text not available. Insertion strings:
? \??\C:\Windows\SysWow64\Drivers\PAGEDFRG.SYS
[496] Application Popup
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:36:18 AM ID: 1060
Message text not available. Insertion strings:
? \??\C:\Windows\SysWow64\Drivers\PAGEDFRG.SYS
[495] Service Control Manager
Type: INFORMATION
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:35:54 AM ID: 7045
User: 37AACD8D-548A-4\user
A service was installed in the system.
Service Name: MYFAULT
Service File Name: C:\Windows\system32\drivers\myfault.sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account: ?
[494] Application Popup
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:35:50 AM ID: 1060
Message text not available. Insertion strings:
? \??\C:\Windows\SysWow64\drivers\myfault.sys
[493] Service Control Manager
Type: INFORMATION
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:35:50 AM ID: 7045
User: 37AACD8D-548A-4\user
A service was installed in the system.
Service Name: MYFAULT
Service File Name: C:\Windows\system32\drivers\myfault.sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account: ?
[492] Application Popup
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:35:50 AM ID: 1060
Message text not available. Insertion strings:
? \??\C:\Windows\SysWow64\drivers\myfault.sys
[491] Service Control Manager
Type: INFORMATION
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:35:50 AM ID: 7045
User: 37AACD8D-548A-4\user
A service was installed in the system.
Service Name: MYFAULT
Service File Name: C:\Windows\system32\drivers\myfault.sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account: ?
[490] Application Popup
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:35:50 AM ID: 1060
Message text not available. Insertion strings:
? \??\C:\Windows\SysWow64\drivers\myfault.sys
[489] Service Control Manager
Type: INFORMATION
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:35:50 AM ID: 7045
User: 37AACD8D-548A-4\user
A service was installed in the system.
Service Name: MYFAULT
Service File Name: C:\Windows\system32\drivers\myfault.sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account: ?
[488] Application Popup
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:35:45 AM ID: 1060
Message text not available. Insertion strings:
? \??\C:\Windows\SysWow64\drivers\myfault.sys
[487] Service Control Manager
Type: INFORMATION
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:35:45 AM ID: 7045
User: 37AACD8D-548A-4\user
A service was installed in the system.
Service Name: MYFAULT
Service File Name: C:\Windows\system32\drivers\myfault.sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account: ?
[486] Application Popup
Type: ERROR
Computer: 37aacd8d-548a-4e5b-8f88-125853a1ecae
Time: 9/25/2020 8:35:45 AM ID:
Usage (stderr):
The system cannot find the file specified.
Could not open the specified event log Registry key on 37AACD8D-548A-4:
Loaded Modules:
| Path |
|---|
| C:\SysinternalsSuite\psloglist64.exe |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
Signature
- Status: Signature verified.
- Serial: 33000001B1DDEDBA54E965B85F0001000001B1
- Thumbprint: 9DC17888B5CFAD98B3CB35C1994E96227F061675
- Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: psloglist.exe
- Product Name: Sysinternals PsLogList
- Company Name: Sysinternals - www.sysinternals.com
- File Version: 2.81
- Product Version: 2.81
- Language: English (United States)
- Legal Copyright: Copyright (C) 2000-2019 Mark Russinovich
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/70
- VirusTotal Link: https://www.virustotal.com/gui/file/e2587dd0aa50d75b545e2100fb2bab0b0607ff7e87b264339c7fb695b8572342/detection/
Possible Misuse
The following table contains possible examples of psloglist64.exe being misused. While psloglist64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
MIT License. Copyright (c) 2020-2021 Strontic.