Kaspersky Threat Intelligence Portal provides information about activities that were registered during the file execution. The results are displayed in separate tables, each of which contains up to 10 entries.
Execution environments with Microsoft Windows operating systems installed
System activities for Microsoft Windows
Table name | Description | Table fields |
---|---|---|
Loaded PE Images | Loaded PE images detected during file execution. | Path—Full path to the loaded PE image. Size—Size of the loaded PE image in bytes. |
File operations | File operations registered during file execution. | Operation—Operation name. Name—Name of the file related to the registered operation. Size—Size of the file related to the registered operation. |
Registry operations | Operations performed on the operating system registry detected during file execution. Operations that have led to suspicious activities are shown first. | Operation—Operation name. Details—Operation attributes. |
Process operations | Interactions of the file with various processes registered during file execution. | Interaction type—Type of interaction between the executed file and a process. Process name—Name of the process that interacted with the executed file. |
Synchronize operations | Operations of created synchronization objects: mutual exclusions (mutexes), semaphores, and events registered during the file execution. | Type—Type of the created synchronization object. Name—Name of the created synchronization object. |
Execution environments with Android operating systems installed
System activities for Android
Table name | Description | Table fields |
---|---|---|
Loaded modules | Modules that the file downloaded during the execution. | Status—Status (danger level) of the module. Severity—Severity of the module's danger level. Timestamp—Date and time when the module was loaded, specified in UNIX time: number of seconds elapsed since 00:00:00 (UTC), 1 January 1970. Path—Full path to the loaded module. Description—Description of the loaded module. |