VirSCAN

1. You can upload any file no larger than 20 megabytes.
2. VirSCAN can scan compressed files in ZIP and RAR format, provided the archive contains no more than 20 files.
3. VirSCAN can scan compressed files protected with the passwords 'infected' and 'virus'.

eb2f95dd4a7cf6ea36f0f5224f4c9927    Hybrid analysis report
Virscan.org multi-engine scan report
Basic information
File name:eb2f95dd4a7cf6ea36f0f5224f4c9927
File size:1021684
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Submission time:2019-08-31 07:40:07
MD5:eb2f95dd4a7cf6ea36f0f5224f4c9927
sha1:91d8cde5c346c8a5c183b2bb96423d2d98ddd465
sha256:483c6f80402dfda8523ac927298e3742170fc6cf44d655f1863f5c01a04cc7ac
enviorment_description:Windows 7 32 bit (HWP Support)
total_processes:0
total_signatures:0
file_analysis: 0
mitre_attcks:0
Document analysis report
uuid:java:java.util.UUID
xmlns:http://www.misp-project.org/
Event
id:530eac35-49be-4f9d-b24f-e52f93c85d56
date:2019-08-30
info:Falcon Sandbox auto-generated for \"483c6f80402dfda8523ac927298e3742170fc6cf44d655f1863f5c01a04cc7ac\"
analysis:2
distribution:1
published:1
Attribute
category:External analysis
type:link
value:https://www.hybrid-analysis.com/search?query=483c6f80402dfda8523ac927298e3742170fc6cf44d655f1863f5c01a04cc7ac
distribution:1
category:External analysis
type:comment
value:Falcon Sandbox v8.30 Copyright 2019 Hybrid Analysis GmbH, All Rights Reserved, www.payload-security.com
distribution:1
category:Network activity
type:user-agent
value:Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
value:caf_3_.gif|55fade2068e7503eae8d7ddf5eb6bd09
distribution:1
category:Payload installation
type:filename|sha1
value:caf_3_.gif|317496a096d6c86486a71d4521994bcd171a6bb3
distribution:1
category:Payload installation
type:filename|sha256
value:caf_3_.gif|e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
distribution:1
category:Payload installation
type:filename|sha512
value:caf_3_.gif|a9adb9feea4bc14b9c34ed17cd30f8cb36dc686e9f69a292fe65bebc195be4714391fd98ec7b67bfd363fbbb6089c41a0b7cab5130b50b461748e668cac75621
distribution:1
category:Payload installation
type:filename|md5
value:caf_2_.js|244f53dfe0bda56f3c486f70a49f5687
distribution:1
category:Payload installation
type:filename|sha1
value:caf_2_.js|ebeb29c4d7a175aa5b449eaf391ff6b73e3ac390
distribution:1
category:Payload installation
type:filename|sha256
value:caf_2_.js|599585f9d164ee950f759132b5c2b5902182099e746d4dc902c17ce542f71113
distribution:1
category:Payload installation
type:filename|sha512
value:caf_2_.js|f5806ce9546f04f56a137d48172100c8b46627497bbc42a5547dc71786aef4d27b695d323a2cafb56aa8ba4492320e6fe65995061d7015bfb13e475924542884
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CBEDTMAU.txt|5b3df477e4913b2a15f1c85b1aeca845
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CBEDTMAU.txt|296232ebfeb4f8b635dfd1af3ee64fbf7e97ad97
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CBEDTMAU.txt|6cc0fe3003f246981e13cf46501c8a27dd5b8f77bdd04c8852de9ac2e84f7172
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CBEDTMAU.txt|34ba110591b20a07e78a3f654e9208e74615293db442dd4a54ca8c833d0bac3c5d4d98d86001749cabd0ac6e17416c686cc7c9f2bd8d26364b333de2feee31e4
distribution:1
category:Payload installation
type:filename|md5
value:landerParams_1_.json|d2271dfd929e131cdc376b43bb4181d2
distribution:1
category:Payload installation
type:filename|sha1
value:landerParams_1_.json|cca6798b4843ee5ba1d8ee2ccd45317bad8d6e22
distribution:1
category:Payload installation
type:filename|sha256
value:landerParams_1_.json|b15d71e438d892b1038e0d52769c340ca34ea8da7a68edaf878b064edf8bcc76
distribution:1
category:Payload installation
type:filename|sha512
value:landerParams_1_.json|8f76a0245fd77dbe721f7292171c57c34c0c3c3e56e2484a3559cb9c559cc885fdfc87b258353356f12464c886b234b7a1c8b89b892623325793a49b47658ac1
distribution:1
category:Payload installation
type:filename|md5
value:favicon_1_.ico|9fb559a691078558e77d6848202f6541
distribution:1
category:Payload installation
type:filename|sha1
value:favicon_1_.ico|ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
distribution:1
category:Payload installation
type:filename|sha256
value:favicon_1_.ico|6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
distribution:1
category:Payload installation
type:filename|sha512
value:favicon_1_.ico|0e08938568cd123be8a20b87d9a3aaf5cb05249de7f8286ff99d3fa35fc7af7a9d9797dd6efb6d1e722147dcfb74437de520395234d0009d452fb96a8ece236b
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|cc7425e6f6a268a188a9bc712c19bb5c
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|da41b93aa0585d5174d4cedca684e03de03b3874
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|9c2f5ea339d1ce24dede73a13a748ec063e39f75713f50dfaf8e65d7725a8313
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|2eabacae02e0d6fc5ce579e12e33d2bba9b49e6381016712b32cf25e4bcfeda60379b032d18bbd684cd123fa7c8550a18d4e9ba6c8a556f68caa01a35f17a205
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|7e9c60b67462391e7259aaaf513a5bb8
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|ee3fdfebc71e0a504207019f36b92609ac889fe4
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|5a29afffdf6ccfd97461b1eedc35151716a985bbd16351baee50c0d8f32440ba
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|4e0351cd54f9bea098c9e313ece7f906898a885b7235ff38c173a5fa39dfae739c98d959d318686a3db19008155062e2bb82695664238d5ad1bc75d8ba2eec2d
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|a4206fb2bc553c0f49ab0027558959a2
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|18b4fa15b541dd5382cf68f92886278f1121b947
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|a70ae29cb134857b88696b0daa9216a68e0d3c618b79a44fcd03f928516c527c
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|c05cd9e6898e39a9d67470ef95151835227779fa2a225c291da34e86eaf1d46607fe1ffe3523d548fd202817bb34666b3f9fe54b292c0859b38ec30fa904960c
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\HVUAUZ9B.txt|dd14cfeaa6a21d74d8233418eaa40d2f
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\HVUAUZ9B.txt|f0ff31e5bd55c16e4d0ee7f0a35aa24514c676af
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\HVUAUZ9B.txt|5428c3bd497eef6c78bf3c94588976f759e708472715be153f887a1537a7bfff
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\HVUAUZ9B.txt|d0bd7e685a0fc42c41d81bd5f5396b7bce527d96f27ff74f00594c8fc2b09d2f5895b1bcf74343f6c43d34939f77d9dc6e00112d90fd7a420665b7a812e53e76
distribution:1
category:Payload installation
type:filename|md5
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|c56d8532c00d3f61c882938274c417a9
distribution:1
category:Payload installation
type:filename|sha1
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|acadca3d01446de05226eebfd9fae1350d6e2b5b
distribution:1
category:Payload installation
type:filename|sha256
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|40c443906898ab162787fdca81ef0b21c749e37f2ec2f56f120d828869fec2ce
distribution:1
category:Payload installation
type:filename|sha512
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|c7e875c5aee468bf9a15242c9444753f0b8504e5dd8e0a8f83170b866f2717f02af5fe0d2b62ba4ffd37911046f1e4a111ed7a2b23f5fa837ff969b9b4d96e23
distribution:1
category:Payload installation
type:filename|md5
value:search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico|9fb559a691078558e77d6848202f6541
distribution:1
category:Payload installation
type:filename|sha1
value:search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico|ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
distribution:1
category:Payload installation
type:filename|sha256
value:search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico|6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
distribution:1
category:Payload installation
type:filename|sha512
value:search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico|0e08938568cd123be8a20b87d9a3aaf5cb05249de7f8286ff99d3fa35fc7af7a9d9797dd6efb6d1e722147dcfb74437de520395234d0009d452fb96a8ece236b
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|251488700c95d191f2374899a13e6d3f
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|7c894b8410d05f62a92e5f6f4045925ed0437232
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|ed1e380c7ccb30d6efa0b5fd832d0de388d7c9699e2bdee86eef4cb9a202ccc0
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|e3912db80ff6a9950fa8a154251da7ddb0bd490eebb6576c2293b6c2a134bfc30b65b60223cf3a9448983ec892082495738024791aebf1c3fa9d66bed262eeb6
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|4d5d3d707648b97510695f6755c23c1e
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|07ce04b025437085e94c67b916077416db37d482
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|cb3b449949f0d4f7b1ef53b040341b8fbdbaf273671e18a5c5bfd600e9741614
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|5dffe8416aad4cb0175f6c0e6953c0928a7cd2ba9f2c7f93d010f5e59966b662a5a8a8f79369035a9a7d64abfcbd9f64e11cddcc6e9548d0f9f39e939d50d192
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|1ff1b1de5f15089b30032d33e38e16fd
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|006e108f8b84cc798542d8cfe72e6ad2635ff646
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|077a813c7acbe6109324342d5f1229da96482f78d9674f1f8d264b765cf7f02d
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|b1e7a8a3a58caafc534b8873ad4cce252a6516360022a0cfb1e22323fda0f0dc7a7dcad7e689bb7a92ddd89c53bd1023265cfb7b263b2b4bf3826d850266c4c7
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\B20CB7VN.txt|67dfdaf7e1fb37eca7867f2bb422c0ee
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\B20CB7VN.txt|424543ffb56eaaa5cc0f0931ca51daebd7a1b49a
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\B20CB7VN.txt|ed65ef1758f4841e071c807059f122c495167344aab2be0a17c7f3a3af892502
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\B20CB7VN.txt|ff3b60e970c1527233d9fbec4c82eb0d85ee38f91f011fb42f3f23f071960f496f317ba1ca7b4d62236425ac1ea18d5078cfd6985eec779767e8ee6dc33ea12f
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|85b83b85a018a934e9adca6863dfc0c7
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|e20cf77b4daf2f1866e798f2cb1b2caa0be2cdb9
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|3f565a316f845b3fd0fd1d9914898b19bc71a219551df03ff29070609749a382
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|063e1b46c585c1b0fd894bb00544447bb697585701626bfb7c346550b154826fadc5e3721dcee6dd9c422575c10c9a1d6f7d3caef6fbea46b7eb614e3d01c400
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\Temp\~DF1A954E8FE2D8A5E6.TMP|1e39a45ccfa1285a1f2cbe4f9d5c9912
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\Temp\~DF1A954E8FE2D8A5E6.TMP|860ebc04269025c68cae39c53717b4b0d048999e
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\Temp\~DF1A954E8FE2D8A5E6.TMP|94745209a7eed3f8695d1049a9d67c996317c505fce667d3331fcae2599671b6
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\Temp\~DF1A954E8FE2D8A5E6.TMP|b79344488faf0fc2716523140e2d72b7424643dfe136a3925be116df99b025c38cbd1ce304d52743f10e244af34342b81d9d9cf83625e13b25ab0887212d8be3
distribution:1
category:Payload installation
type:filename|md5
value:%TEMP%\~DFD77288ED1414077D.TMP|3c4d94c2ab39503af721fefab894bfe5
distribution:1
category:Payload installation
type:filename|sha1
value:%TEMP%\~DFD77288ED1414077D.TMP|b3a00165cbe4c280612f86a95442dc21a94b1b12
distribution:1
category:Payload installation
type:filename|sha256
value:%TEMP%\~DFD77288ED1414077D.TMP|31ef84ed6916e3993824caa6871f221d7a429f0210e0afa5cfbbc278edc5af5c
distribution:1
category:Payload installation
type:filename|sha512
value:%TEMP%\~DFD77288ED1414077D.TMP|5f443b19b3309b05df17091b4acea5df636c81c210a1805ceced8647d16d7ab0cba0e0ee2559c7d1c8283772a4d1f9f552f8870a3456c45fce88ecfae8eb641c
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKDNCXYS\3ISZ7357.htm|ee270df5df8fb166207ddbfbf981ff7b
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKDNCXYS\3ISZ7357.htm|eb567431d94e62329e46f73bab46515c474230c5
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKDNCXYS\3ISZ7357.htm|ec670e7a7697e5b7e84b3874eb4f0b1882b3dc189ae542aa3cd8de59e3c352bb
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKDNCXYS\3ISZ7357.htm|abf418c30d1db5469ae156635e7aee33f09ec1be80c97174b88df70b6edaf54e43e80b5c8d6a66b9be1d4bf9f4be97a59e526146efb1fd5f57d09276e53bbae1
distribution:1
category:Payload installation
type:filename|md5
value:RecoveryStore._519AFCF9-CB80-11E9-9709-0A0027579C7D_.dat|dc3971bfb6baf311f24f9167b4a76aad
distribution:1
category:Payload installation
type:filename|sha1
value:RecoveryStore._519AFCF9-CB80-11E9-9709-0A0027579C7D_.dat|d8ff7027e1a4b276d7c1a4fe72388ddb077bbb2e
distribution:1
category:Payload installation
type:filename|sha256
value:RecoveryStore._519AFCF9-CB80-11E9-9709-0A0027579C7D_.dat|813925d9f288cc4cdc83a145b27626a69b2567b67758be3d302977439f93feda
distribution:1
category:Payload installation
type:filename|sha512
value:RecoveryStore._519AFCF9-CB80-11E9-9709-0A0027579C7D_.dat|e932daa01d827f5a3637068ffe671bb34783aa2ca2d2846d08917caeac1743c3d0c0a2189d8352bb3c63a3ad28a4dc5d04cf944979d8a57c9e03fe9c18ad7282
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\0O2PO8CI.txt|40514f63aa19a59c74c72be93668dd67
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\0O2PO8CI.txt|3ef07dbde5811984fcb04845fa78dbbb7e19e33b
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\0O2PO8CI.txt|0f7115895863f3ef8649073d5ef34c159dcfca6a3723c4122d21f0b9b9f1ff17
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\0O2PO8CI.txt|3570fce2a3d212ec4e36cd31160bf3d9f2b182c63a2cc54e75b30c0c4a23f2fbe4cee35984546d6c6fee9ddc04d15454663668b0dbf629a6172af2bfa7cbebfb
distribution:1
category:Payload installation
type:filename|md5
value:background_gradient_1_|20f0110ed5e4e0d5384a496e4880139b
distribution:1
category:Payload installation
type:filename|sha1
value:background_gradient_1_|51f5fc61d8bf19100df0f8aadaa57fcd9c086255
distribution:1
category:Payload installation
type:filename|sha256
value:background_gradient_1_|1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
distribution:1
category:Payload installation
type:filename|sha512
value:background_gradient_1_|5f52c117e346111d99d3b642926139178a80b9ec03147c00e27f07aab47fe38e9319fe983444f3e0e36def1e86dd7c56c25e44b14efdc3f13b45ededa064db5a
distribution:1
category:Payload installation
type:filename|md5
value:suggestions_1_.en-US|5a34cb996293fde2cb7a4ac89587393a
distribution:1
category:Payload installation
type:filename|sha1
value:suggestions_1_.en-US|3c96c993500690d1a77873cd62bc639b3a10653f
distribution:1
category:Payload installation
type:filename|sha256
value:suggestions_1_.en-US|c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
distribution:1
category:Payload installation
type:filename|sha512
value:suggestions_1_.en-US|e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
distribution:1
category:Payload installation
type:filename|md5
value:_A61F160D-CB84-11E9-9709-0A0027579C7D_.dat|1da157cab5b7a531690f102826f25a8d
distribution:1
category:Payload installation
type:filename|sha1
value:_A61F160D-CB84-11E9-9709-0A0027579C7D_.dat|a92fb4a0b919b5d93acab39fe87dc02a28c4ed9b
distribution:1
category:Payload installation
type:filename|sha256
value:_A61F160D-CB84-11E9-9709-0A0027579C7D_.dat|650fec58bfc5bf3d66c4298706590a65e8dcf79ab9f6212557630763d4b1a451
distribution:1
category:Payload installation
type:filename|sha512
value:_A61F160D-CB84-11E9-9709-0A0027579C7D_.dat|15f3732d954a8bd7f9133b0ae107f39c2e6ce251bdce46106be3256229392f2efa098403f829126261755e1a2a8662624af19baa4d2e545575ddffc27fa6bef2
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\CPV4TCQ4.txt|7489e3c996470f8fa7d0e48fed5120a2
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\CPV4TCQ4.txt|2035b966bf1495b76c728179ea24e11852dfa0d5
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\CPV4TCQ4.txt|163c88d28ea743513a3f35f41925b8f5a0c256be4a5b2a59d0c5027bdbb18097
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\CPV4TCQ4.txt|a3d156214803bcba22df9236fb0359fdf8bd637d9c87d720fc29802919ff4afc27b0d47fbfc241b3d3941c7abd71cded2b5d12386c3ee74fb0597fdc47dc51d1
distribution:1
category:Payload installation
type:filename|md5
value:bullet-arrows-orange_1_.png|31f21bbaaf88b740f21fe900701a8373
distribution:1
category:Payload installation
type:filename|sha1
value:bullet-arrows-orange_1_.png|75f71c5ed4e44505a12c453e76cb1c10953acb6e
distribution:1
category:Payload installation
type:filename|sha256
value:bullet-arrows-orange_1_.png|6bd48e5cbf3c20acab72dceb7208e9da630d34d4eb41ec165e168df9bec92684
distribution:1
category:Payload installation
type:filename|sha512
value:bullet-arrows-orange_1_.png|5a3fee420bbb3d997ae40a3530721e181bb71bdfa2d54807da227c1a11f50fb9bfecff979f53725ff83a89a9fe1251d4db94d247160873b00d13ed12b2bdb349
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQW0X29Y\MR77R626.htm|dacfd36053da93195576ec5af242230a
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQW0X29Y\MR77R626.htm|587aebdbab10365a877c2fb6b021a03b7a1b5e66
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQW0X29Y\MR77R626.htm|386467c44a40bb1bb0c9e18920ed3eab1a2d8e3f97e7fa868d19fc9b12eecad0
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQW0X29Y\MR77R626.htm|c9e25a79219dc89b0fc947b01ef4b62c57a9aa886442b69832e602da646ea7fab93f16dce233f196708f741946084c5ae4ee29331fd3899da330231b1fa7191d
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\PTSUM0H1.txt|264a26829f20cca78b289c5ee5678f53
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\PTSUM0H1.txt|56c888b65b6235b33f585856011dd0d9f6236e40
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\PTSUM0H1.txt|eb35ca442e9ffa3cb27afbf8e1241293ef1505bb5774a30c794f41a158bf0a45
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\PTSUM0H1.txt|9933307e6f41ec27011ca6df395b90f8601067ca03fa7cd225091b0bd337c2aa2434b4c50204d9201bc2f468f5749b319812a271b3a4fc9623cad78ee7e8d08f
distribution:1
category:Payload installation
type:filename|md5
value:info_48_1_|5565250fcc163aa3a79f0b746416ce69
distribution:1
category:Payload installation
type:filename|sha1
value:info_48_1_|b97cc66471fcdee07d0ee36c7fb03f342c231f8f
distribution:1
category:Payload installation
type:filename|sha256
value:info_48_1_|51129c6c98a82ea491f89857c31146ecec14c4af184517450a7a20c699c84859
distribution:1
category:Payload installation
type:filename|sha512
value:info_48_1_|e60ea153b0fece4d311769391d3b763b14b9a140105a36a13dad23c2906735eaab9092236deb8c68ef078e8864d6e288bef7ef1731c1e9f1ad9b0170b95ac134
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|6f8ca62c163748b93c6b9bf75f5a5f3d
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|00d30f3f7ed6813af2bf0bc56fcd45e0d2d4e052
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|30b50e5ead852e767777930728a196bf4239d74b591936b9dcdcd1f871b873ee
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|060ef54553725a2dcec22d5fa6e0cda75664ecd3ea31f7a9fce52b907f7b331509ee3af59fc8ec70ed6989d03f03851547ee9bc9992ca75c76988d1761c6cba7
distribution:1
category:Payload installation
type:filename|md5
value:bullet-arrows-orange_1_.png|31f21bbaaf88b740f21fe900701a8373
distribution:1
category:Payload installation
type:filename|sha1
value:bullet-arrows-orange_1_.png|75f71c5ed4e44505a12c453e76cb1c10953acb6e
distribution:1
category:Payload installation
type:filename|sha256
value:bullet-arrows-orange_1_.png|6bd48e5cbf3c20acab72dceb7208e9da630d34d4eb41ec165e168df9bec92684
distribution:1
category:Payload installation
type:filename|sha512
value:bullet-arrows-orange_1_.png|5a3fee420bbb3d997ae40a3530721e181bb71bdfa2d54807da227c1a11f50fb9bfecff979f53725ff83a89a9fe1251d4db94d247160873b00d13ed12b2bdb349
distribution:1
category:Payload installation
type:filename|md5
value:dupe_1_.htm|85e6d378ce5ac2c6b41d95739e75b734
distribution:1
category:Payload installation
type:filename|sha1
value:dupe_1_.htm|7998cbb71dd1414fa6c836abfc31f97ceafe4c8d
distribution:1
category:Payload installation
type:filename|sha256
value:dupe_1_.htm|c4e40ca5644a25562e5f763f7fca8b2018722bc3e76ff340bcf3df8875e6406a
distribution:1
category:Payload installation
type:filename|sha512
value:dupe_1_.htm|c915f0b88cec878f88fe00d5c672027a2856ee7e7e2573b85625eec336c6b8612d9b1ca21c72234c6a43e0f72473af421921e3d4106efd7b81970c78d1c60f07
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WCQBBP1I.txt|6853df91b5e221d6ac8b1d4d00baaf0c
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WCQBBP1I.txt|a808da0463b00642b9ca84a71acaadeee20f0d91
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WCQBBP1I.txt|d5440144d7f34740b8ef564d7908c75780740380c22fa0ddf8832f450bda11f0
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WCQBBP1I.txt|288267b6f4fd24f51df8ac4378b32e7dafed7f2e9a96280433b410d718c8cf4d01113fda088f80bd14bf36786ab9f615b1e71ab6f405077456548f3a8e5a730d
distribution:1
category:Payload installation
type:filename|md5
value:caf_1_.js|7e01ccaeb278b75191fee65273b329a8
distribution:1
category:Payload installation
type:filename|sha1
value:caf_1_.js|34907594301b0d148d4ba582253856594bd6782a
distribution:1
category:Payload installation
type:filename|sha256
value:caf_1_.js|d28ba53914033ec9303dbea9946e74f38e3b96e88b9ea26a2dc09a405c9c892b
distribution:1
category:Payload installation
type:filename|sha512
value:caf_1_.js|4d1dccf6ab87ad73a0ea8639872300426c8b347a7e9da8300527e7a037c734368f2d1dde41a258b35d69fc881efaed7618be4372e047a2b4b8418af22e851b35
distribution:1
category:Payload installation
type:filename|md5
value:main.b0434fd9_1_.js|cd052864fef0a75c2b506b42e1a784af
distribution:1
category:Payload installation
type:filename|sha1
value:main.b0434fd9_1_.js|8df1aeb9d4a903e2e4c10be5ea0c0111c5bb75ff
distribution:1
category:Payload installation
type:filename|sha256
value:main.b0434fd9_1_.js|858ed3ec23aa92070a7cd7e9b4ccda14820e8bb4de2f18de87f21dd98121c5c2
distribution:1
category:Payload installation
type:filename|sha512
value:main.b0434fd9_1_.js|cd2d1f44c95015c22918d69e871255f641fa50f94d923c3c02a6bf6ff29a74cf2f0b4fcef909253b7b3509cbefa8fcdbc5fc4db808b23bb622819568ea76fa43
distribution:1
category:Payload installation
type:filename|md5
distribution:1
category:Payload installation
type:filename|sha256
value:landerParams_1_.json|200eac8de71accbb3d6cf0bd1b028c47abac003d0954d567a7990fcc5f07a76c
distribution:1
category:Payload installation
type:filename|sha512
value:landerParams_1_.json|fca7eae18a9531093ef65f47b83a3cca65b13a034385a1dfd784c0652181b417b57aabb57ecd39be88e9d67366ad587a6094b898a557d18b8f8cd4a2d0e681e7
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|5e6b3046cc3b70e0f5ad9ee1fa37ccf6
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|d0b0eb57b7c70c1dfee247c97fd2453d7fa98318
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|252f061b50a96aa7fcd424f11f23e83808bb4fc59ab2cea9383df9b79f494fc8
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|76be11d6347ae4da11f3b047b53b8630d9b0dfa5e1d4c07ca554c3c6eb2b646aeb32756b21a5ccd16b0bf5ec7bf56042d4c5a726bd5330e626e5e6f7071d6a7d
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|ee4a527fbc65fef137de0feb897fcfa9
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|f5140432513d57d42218c3496d658a7f6af7121f
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|70d3e46946185348b48c16c720932d28721dba4691803b2b8971a19c39e50718
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|a6d79d927a881b6d35e417a97d3c29b5cb648a7c142988f19a0a5a089212ce42a7fd055f94853268cb826acaa73e4db85e11ffebf0c985bb6384d4a69152e48a
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|5f8b369ff3672dcaea42cfd9550743a3
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|f6c8035694d3bc3351f15df33caf7bcd69c74516
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|4c59718aa88c02689a734c6c56497497a2661c3ba970e391c9b5702842b1ddf8
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|62d16ab6c30c534eb8afe88631fea0f7f4093cd0fc3d840fe5f670057fecdd9a5b35f7acadf11b0ad1adab3abb89f8df6083e5d46b72d3546f6c83c4978fd6b0
distribution:1
category:Payload installation
type:filename|md5
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|c56d8532c00d3f61c882938274c417a9
distribution:1
category:Payload installation
type:filename|sha1
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|acadca3d01446de05226eebfd9fae1350d6e2b5b
distribution:1
category:Payload installation
type:filename|sha256
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|40c443906898ab162787fdca81ef0b21c749e37f2ec2f56f120d828869fec2ce
distribution:1
category:Payload installation
type:filename|sha512
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|c7e875c5aee468bf9a15242c9444753f0b8504e5dd8e0a8f83170b866f2717f02af5fe0d2b62ba4ffd37911046f1e4a111ed7a2b23f5fa837ff969b9b4d96e23
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\F0FC5LK0.txt|9049009388fca382490ca94e52928b25
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\F0FC5LK0.txt|e58e924f152bb7f5e4d6648ebce5b568428935a8
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\F0FC5LK0.txt|3e0b05876abb1d50cad25db26cf7c5fa93070d35ba25e896e8d7a58671105f25
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\F0FC5LK0.txt|990af671994b114fe893a98864bc3a6fe0104b655dd421a03bbc6a0d0e30562a4ddfa69e334c3a19961c2353b2fe4d817e2e3cef81ea3ef7beee11fff09c43d1
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|4ef806dc6e32c4abdeb5ae7a52345ac8
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|c3b396af99259db3795116a6d79ec4203404f9ce
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|43ff423d1bf8bcfd71b4341816f9f49899223486e621664555daf92646290672
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|733bda4927e2630b01256a44d9462374baa712bfd6cccda7a2cca702d304c23dec5f4852076d9be3d3103276948a7a3c9144667b4a1c5d5f8c1a024f5f121e7a
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\37NU00GP\YXHKE6BR.htm|bd99e3a304ff5fe4cfa4bd1c950be8e2
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\37NU00GP\YXHKE6BR.htm|d2dbfd00ce23d091bd911505d6bf1f9fd80641c4
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\37NU00GP\YXHKE6BR.htm|216b9ff73161436ffca8dba1eaeb107b0da0dc5247c0666932530f0259cfd9fd
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\37NU00GP\YXHKE6BR.htm|0303225994741a8f5fcd1896f8c311f8797f6b8bb4537fb76c35b82b394617d56c684b66dabf23eeb07d30ac8b0d98c31bc831a2b3b9f5b25259f352834ad088
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XNXYOAHT.txt|1138f854ba7cabaac8f382bb38a23889
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XNXYOAHT.txt|23e197519b67afafffa992e8ed14e69269242368
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XNXYOAHT.txt|b454dd40d5b956aa5fe57a3c1a226cbf1da46af13266448dde41d5dd9d274ca8
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XNXYOAHT.txt|116f5dc81d67a4bb69d60affee39b9aa61525be78491ada4c9140a4675cc89543b50130eda444b889ca7e2e227ba8fa318b3b44df0bfcbbf71a648bd892d96ad
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|96c25031bc0dc35cfba723731e1b4140
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|27ac9369faf25207bb2627cefaccbe4ef9c319b8
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|973a41276ffd01e027a2aad49e34c37846d3e976ff6a620b6712e33832041aa6
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|42c5b22334cd08c727fdec4aca8df6ec645afa8dd7fc278d26a2c800c81d7cff86fc107e6d7f28f1a8e4faf0216fd4d2a9af22d69714ca9099e457d1b2d5188a
distribution:1
category:Payload installation
type:filename|md5
value:htmlselectionconfig-2_2-win7_1_.xml|92bb55734dae8fbafd70a64b23e58a8e
distribution:1
category:Payload installation
type:filename|sha1
value:htmlselectionconfig-2_2-win7_1_.xml|79b7067a38413605f5bf7e9c61d24bc4bd4b4c3a
distribution:1
category:Payload installation
type:filename|sha256
value:htmlselectionconfig-2_2-win7_1_.xml|1a4d81fd258ec9669bf53b015230fca510855e3bff65c17f9dcd1ccc8b03e585
distribution:1
category:Payload installation
type:filename|sha512
value:htmlselectionconfig-2_2-win7_1_.xml|0352c8d7626b287dcc8e3e1f33fa995617069b7bfe343722863abdd7cdf2d27e38a2335853c4474963d8aafd5542f523e10ad7c8cc0ed95dddb6c7d720a531ac
distribution:1
category:Payload installation
type:filename|md5
value:ads_1_.htm|d38dcf21889b7ef25541d02db7ad4864
distribution:1
category:Payload installation
type:filename|sha1
value:ads_1_.htm|3cf9bf6dc53a03e4227ec2da27b42a6d8011c056
distribution:1
category:Payload installation
type:filename|sha256
value:ads_1_.htm|f0982cf45767a52aedd0c746251017ed9eecbbb294a6348615db64badd4274fe
distribution:1
category:Payload installation
type:filename|sha512
value:ads_1_.htm|84edb0f8c0a68def51998f39dd0c05461594d074f82caced85b2ef0ab72c57cc6e39d5a13b1c1226a1d90efc9a546970b04e7960e78e3dde9df5385c530bd388
distribution:1
category:Payload installation
type:filename|md5
value:bullet-arrows-orange_1_.png|31f21bbaaf88b740f21fe900701a8373
distribution:1
category:Payload installation
type:filename|sha1
value:bullet-arrows-orange_1_.png|75f71c5ed4e44505a12c453e76cb1c10953acb6e
distribution:1
category:Payload installation
type:filename|sha256
value:bullet-arrows-orange_1_.png|6bd48e5cbf3c20acab72dceb7208e9da630d34d4eb41ec165e168df9bec92684
distribution:1
category:Payload installation
type:filename|sha512
value:bullet-arrows-orange_1_.png|5a3fee420bbb3d997ae40a3530721e181bb71bdfa2d54807da227c1a11f50fb9bfecff979f53725ff83a89a9fe1251d4db94d247160873b00d13ed12b2bdb349
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|5eb8f15425c1ee254f19768acbd54835
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|82efd72d63232c960435abe2fa38561ac326e779
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|3b4c4693dc989f5bdbb528dd512caf538d1b57052da392c21628979abebdd79a
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|fbf806d1263721532397e88775ace14f4b7937dd8d534a624d0b5b1316d408dc98b75192fad64b18971519618aa7fbf8ef5150e041b1283e2cf1deaf61545f86
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\Temp\~DF50290E754BB51E92.TMP|feea48547804a418e0f93f315fef1da6
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\Temp\~DF50290E754BB51E92.TMP|961638e7e8f338f59b5a92f9a49de4732eca6af2
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\Temp\~DF50290E754BB51E92.TMP|a956ab183085b72ce98ae9577243f17642e7466966229e97cd940212a5dd3984
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\Temp\~DF50290E754BB51E92.TMP|84f541670df9f0ee86225015edcb1c0b89621f39e884c9118bacb76ae27d05508ff2364b98e11ae67cd0ea1ea7c4d6290516bce404f3fdb34b537b54ad72a470
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|2bcccaa672cd9cd08fd10664de653f2e
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|933fcf502212a2121730c7f27c3f388bba4ff3a5
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|54dfd9f4bd06bc8ce53a0904f003e1113617bf9ba4f89de829f037cc79054bb9
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|ec7101072cebcb05fbf875d8884c2e0dded0049f90e5a3546068529ffe20542b5d49ccb2b89b668a9fef1ce2e03fcf5b7de42b3410d01d3d464ebda1edb9dddb
distribution:1
category:Payload installation
type:filename|md5
value:caf_1_.gif|55fade2068e7503eae8d7ddf5eb6bd09
distribution:1
category:Payload installation
type:filename|sha1
value:caf_1_.gif|317496a096d6c86486a71d4521994bcd171a6bb3
distribution:1
category:Payload installation
type:filename|sha256
value:caf_1_.gif|e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
distribution:1
category:Payload installation
type:filename|sha512
value:caf_1_.gif|a9adb9feea4bc14b9c34ed17cd30f8cb36dc686e9f69a292fe65bebc195be4714391fd98ec7b67bfd363fbbb6089c41a0b7cab5130b50b461748e668cac75621
distribution:1
category:Payload installation
type:filename|md5
value:favicon_2_.ico|9fb559a691078558e77d6848202f6541
distribution:1
category:Payload installation
type:filename|sha1
value:favicon_2_.ico|ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
distribution:1
category:Payload installation
type:filename|sha256
value:favicon_2_.ico|6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
distribution:1
category:Payload installation
type:filename|sha512
value:favicon_2_.ico|0e08938568cd123be8a20b87d9a3aaf5cb05249de7f8286ff99d3fa35fc7af7a9d9797dd6efb6d1e722147dcfb74437de520395234d0009d452fb96a8ece236b
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\N8QNT662.txt|e6d110edefb3b6808e6c430efbb80d46
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\N8QNT662.txt|08a8748127dd02bb81609d88541c65dafdd0288f
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\N8QNT662.txt|5e86892853a240a0c2b961a8de599bdc8ef089d56a4ac48c96482bf1991aec80
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\N8QNT662.txt|eb9bbd05d7652530c4d2a79efcb671cb6d4f902324c1ff0e58bb3924596ad018f486178d91f45d7d727b9e3f5e14528d982e122f1614a4b2576bdc14424d738c
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|7ba2927c7d84d7fb75214b5935b83809
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|ecd8948321d4dab1a885c320bc2c5dd64c382e5c
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|67740a378d16e9f41e5c1f029d2080851c42120b4f8afafe5459000b1ff2916a
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|dcee8b8cccd7bf0c41eb71a70f1a3449823f855d22f7e2a6a22414cb1576eb7c2af39a07a80c90a0859f4b8c9bd0f3410a8770fe2899bcc8be53aa53b98737e9
distribution:1
category:Payload installation
type:filename|md5
value:ads_1_.htm|5e4d3063ccbc390570d9af9d874b90ac
distribution:1
category:Payload installation
type:filename|sha1
value:ads_1_.htm|8137a5ee8b6fc1399e15dc8dec4eea0fa63a50ed
distribution:1
category:Payload installation
type:filename|sha256
value:ads_1_.htm|969a7a798cd09fc2fff3d5b0433d929d2784a59e66aa1645a3c430e4decd4cde
distribution:1
category:Payload installation
type:filename|sha512
value:ads_1_.htm|8b79d7679887846230e545129c76f42aa22eb360d904fbbe4aa63428b2ad073355862a110516fc3bebf38fc734a86af84c5d796166bb6c7f4bbac97e357febda
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|0a18e333c6cef686e3094d6722e9092b
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|67a3e69a51e47cdf3b1b5c94392241d4194c0b1c
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|4efe3f949f6c23913e6d22ebe1f94d0d45417cf957ca2d0991b4f9a916e26720
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|91181fee740916549416409481402fbb90bc23d273ca4242033107f8bb7ed3dcc32de2dfa9f0d8ecd6c32ee38295b241a24d87d25794b9aea3a28890c23d8a40
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\9FM5TOOO.txt|c729f886bf7f6e55b11364a219354098
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\9FM5TOOO.txt|833789c8db2dfc01c7da9cf7dff393f915803424
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\9FM5TOOO.txt|62764a7ec0d4621575e5f7feb7fafe852658d4e5ca54ee37589ce339c2096f98
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\9FM5TOOO.txt|363075f79978b6c8e0b3cdb3c62ec31f9382bddec753ffcf5d1a330c8c1b4df1cffab9280d144ee0cd13709b07ddfc64d2fa98baeaa271adb11fea3dfab720a9
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|4491f0c3f54c81ca5aa420c903805905
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|05fa462958ea258ea6b332dc8475aaa7d77e0e27
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|9628ff7e8ebdf06573f5bd1e88d69640d9380ab2545ab92baf0e88f15947a10c
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|d2558508d4ec3754321358f5ffd6d491a64bbe270d44414faa3681cc492256ff4e3d860998be44f8de3ca704ecbfbc111eaf188bec0ce00ea1380358c8095f25
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|66101395983f4f066a8a692efedf0a2c
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|f81de2d8b67a5da822a7e3b4c3277865e87941bf
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|3e70cf17818f8a4421da15c0d06c5ac3dea6871a6cce7ccb9e3e17a7b1c7a5f8
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|2f1eb09c9da89e9c7e42dc40fdc4c4381ac3224b418f9f962902e15688ff2593f9241dac4764b3c4847b823104c32caa9355125b19853d36422cd366ac7007a1
distribution:1
category:Payload installation
type:filename|md5
value:dupe_1_.htm|85e6d378ce5ac2c6b41d95739e75b734
distribution:1
category:Payload installation
type:filename|sha1
value:dupe_1_.htm|7998cbb71dd1414fa6c836abfc31f97ceafe4c8d
distribution:1
category:Payload installation
type:filename|sha256
value:dupe_1_.htm|c4e40ca5644a25562e5f763f7fca8b2018722bc3e76ff340bcf3df8875e6406a
distribution:1
category:Payload installation
type:filename|sha512
value:dupe_1_.htm|c915f0b88cec878f88fe00d5c672027a2856ee7e7e2573b85625eec336c6b8612d9b1ca21c72234c6a43e0f72473af421921e3d4106efd7b81970c78d1c60f07
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|7cbe87b18b3c13f3dced1999013cc816
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|7000c8144f77cb76e39a930cd67a668fd5c1ffeb
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|d9692980c5aa9ad4d8134a4cdb1711552c239aad9feae2feeae5e0614517fbbb
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|f31eaa4d42e2f067938d650fc1807599381d81d35a525dbe57ed36df54ebdf216f9396bca429f9555c68004dc482ae2e5df63a9adf1cb45a5d3c26c2d2f96fdc
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|5eb8f15425c1ee254f19768acbd54835
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|82efd72d63232c960435abe2fa38561ac326e779
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|3b4c4693dc989f5bdbb528dd512caf538d1b57052da392c21628979abebdd79a
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|fbf806d1263721532397e88775ace14f4b7937dd8d534a624d0b5b1316d408dc98b75192fad64b18971519618aa7fbf8ef5150e041b1283e2cf1deaf61545f86
distribution:1
category:Payload installation
type:filename|md5
value:caf_1_.gif|55fade2068e7503eae8d7ddf5eb6bd09
distribution:1
category:Payload installation
type:filename|sha1
value:caf_1_.gif|317496a096d6c86486a71d4521994bcd171a6bb3
distribution:1
category:Payload installation
type:filename|sha256
value:caf_1_.gif|e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
distribution:1
category:Payload installation
type:filename|sha512
value:caf_1_.gif|a9adb9feea4bc14b9c34ed17cd30f8cb36dc686e9f69a292fe65bebc195be4714391fd98ec7b67bfd363fbbb6089c41a0b7cab5130b50b461748e668cac75621
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|cd158e306af7d70de28b8e670e8d0a4b
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|da85abdad2dcb403cbf3a238c9336a1f4bfd23a0
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|5382cc931ea177b35c6b0b0f376e5b0c0fec1affa14fef345c0f154b971a7faf
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|31790e9e23b411ad73eab177b86bddbcf866d30cb164994013f1a2d04b4a82d2c9067a1a17794757e3b861e54f5578f5815b165d0e9a8147277c4db693048959
distribution:1
category:Payload installation
type:filename|md5
value:%USERPROFILE%\Favorites\desktop.ini|881dfac93652edb0a8228029ba92d0f5
distribution:1
category:Payload installation
type:filename|sha1
value:%USERPROFILE%\Favorites\desktop.ini|5b317253a63fecb167bf07befa05c5ed09c4ccea
distribution:1
category:Payload installation
type:filename|sha256
value:%USERPROFILE%\Favorites\desktop.ini|a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464
distribution:1
category:Payload installation
type:filename|sha512
value:%USERPROFILE%\Favorites\desktop.ini|592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810
distribution:1
category:Payload installation
type:filename|md5
value:favicon_1_.ico|9fb559a691078558e77d6848202f6541
distribution:1
category:Payload installation
type:filename|sha1
value:favicon_1_.ico|ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
distribution:1
category:Payload installation
type:filename|sha256
value:favicon_1_.ico|6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
distribution:1
category:Payload installation
type:filename|sha512
value:favicon_1_.ico|0e08938568cd123be8a20b87d9a3aaf5cb05249de7f8286ff99d3fa35fc7af7a9d9797dd6efb6d1e722147dcfb74437de520395234d0009d452fb96a8ece236b
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|601eac0548a26a7964fadb47edc695e3
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|76ccd6af97a50ac1a28b78704c393c76b05eea86
distribution:1
category:Payload installation
category:Persistence mechanism
type:regkey|value
value:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ADOBE_READER|63003A005C00750073006500720073005C0068006100700075006200770073005C0061007000700064006100740061005C006C006F00630061006C005C00740065006D0070005C005C0077006D007000730063006600670073002E006500780065000000
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:pdb
value:iexplore.pdb
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F20100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F0D2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000EF0100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F0D2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\A5\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEWTABPAGE\DECAYDATEQUEUE
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEWTABPAGE\LASTPROCESSED|10E5B1EDAC5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\HASHFILEVERSIONLOWPART|02000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\HASHFILEVERSIONHIGHPART|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATELOWDATETIME|0E9B36ED
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATEHIGHDATETIME|BF5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DISCARDABLE\POSTSETUP\COMPONENT CATEGORIES\{00021493-0000-0000-C000-000000000046}\ENUM\IMPLEMENTING|1C00000001000000E307080005001E001700390001000F0001000000644EA2EF78B0D01189E400C04FC9E26E
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DISCARDABLE\POSTSETUP\COMPONENT CATEGORIES\{00021494-0000-0000-C000-000000000046}\ENUM\IMPLEMENTING|1C00000001000000E307080005001E0017003A0000001C0300000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEWTABPAGE\LASTPROCESSED|30D28122AA5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONTIME|765839798E5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADNETWORKNAME|4E006500740077006F0072006B002000200033000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|765839798E5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FULLSCREEN|6E006F000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOW_PLACEMENT|2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1900000019000000E9020000E0010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\LOADTIMEARRAY|0D000000310000001F00000000000000010000000000000008000000010000000000000007000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\LOADTIMEARRAY|24000000730000002700000000000000050000000000000013000000050000000000000011000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\LOADTIMEARRAY|AAE0FFFF8FE1FFFF1500000001000000020000000100000019000000020000000100000018000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\BACKUPDEFAULTSEARCHSCOPE
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\CHANGENOTICE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81|01000000D08C9DDF0115D1118C7A00C04FC297EB010000001955D2C3EBC63A4D975A2842B6C67343000000000200000000001066000000010000200000003E6291C33AA50E1D27FF94F2A355A87F735F6650B8614E7429DA08175FA75391000000000E8000000002000020000000593625628ABE8AF9CED0697826910E8F3E9D7CA1A8B1A50E564CBA55F2F626771000000021B7E079AA4C135F6691B0505F1C786540000000E64BEE2620A0861BEABCA92971574D1A115DD85C8D6F997E4A73395C93D2AFC02986DC3E04E9ABF0501DD9A1321A3248C9D824F471571DB8EE719CC113794A81
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MINIE\TABBANDWIDTH|F4010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\NAVTIMEARRAY|8E1F0000060000000100000000000000000000000500000001000000000000000000000003000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEWTABPAGE\LASTPROCESSED|D01DCE91A35FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\LOADTIMEARRAY|0D000000090000000D000000310000001F0000000000000001000000000000000800000001000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\LOADTIMEARRAY|12000000160000002400000073000000270000000000000005000000000000001300000005000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\LOADTIMEARRAY|1300000085E1FFFFAAE0FFFF8FE1FFFF150000000100000002000000010000001900000002000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81|01000000D08C9DDF0115D1118C7A00C04FC297EB010000001955D2C3EBC63A4D975A2842B6C67343000000000200000000001066000000010000200000007C7CA09DDD236A1600A4E8AF2581B62FB260FFBC43196A339DC901D740B97D42000000000E80000000020000200000001B31FE43AFCD33574B8EF640EAB70EF359B259791B88E0B708ECB27E058DE99C10000000BB9FA13FCF38B12A97071D679AC1826540000000A6F3724A0D5E2711061884B434E7728446E8FE677A40FCBA162DE0BFB6EBC64E75BA0FEE978230617E23D871948055445A9497C8C19611E2D5BF0F405ADA7DCD
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FULLSCREEN|6E006F000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOW_PLACEMENT|2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1900000019000000E9020000E0010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MINIE\TABBANDWIDTH|F4010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\NAVTIMEARRAY|2000000009000000030000008E1F0000060000000100000000000000000000000500000001000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPDAYSSINCELASTAUTOMIGRATION|1B000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPLASTLAUNCHLOWDATETIME|0020705B
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPLASTLAUNCHHIGHDATETIME|8D5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPMIGRATIONVER|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATELOWDATETIME|7802596D
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATEHIGHDATETIME|8D5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT\CACHEPREFIX|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES\CACHEPREFIX|43006F006F006B00690065003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY\CACHEPREFIX|56006900730069007400650064003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\COMPATIBILITYFLAGS|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\SECURITYSAFE|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\RECOVERY\ADMINACTIVE\{519AFCF9-CB80-11E9-9709-0A0027579C7D}|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOWSSEARCH\VERSION|5700530020006E006F0074002000720075006E006E0069006E0067000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\SECURITYSAFE|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FULLSCREEN|6E006F000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\RECOVERY\PENDINGRECOVERY\ADMINACTIVE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\LOADTIMEARRAY|310000001F0000000000000001000000000000000800000001000000000000000700000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\LOADTIMEARRAY|73000000270000000000000005000000000000001300000005000000000000001100000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\LOADTIMEARRAY|8FE1FFFF150000000100000002000000010000001900000002000000010000001800000001000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\BACKUPDEFAULTSEARCHSCOPE|
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977|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
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\CHANGENOTICE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81|01000000D08C9DDF0115D1118C7A00C04FC297EB010000001955D2C3EBC63A4D975A2842B6C6734300000000020000000000106600000001000020000000761F9A512D7B65B520293C9DC2CC28C62024494BF0C84B80857339E5BBCEFADF000000000E80000000020000200000009004A5C91A06F3D87E8784DE38168ADC8A499C53BA09F72A865A2D9D5C09B1DE10000000A88AF2A2EC9346A33BF9ED444CFC94A140000000CA273C61048B671EF5BC18D61BEEC12C7588842B6EBF75B173EE17CFFB7808CD015944DA456A01E2B25E6B79F7B002AD2248DBCD68B82AFC49136356304EC9FE
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MINIE\TABBANDWIDTH|F4010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\NAVTIMEARRAY|020000002000000009000000030000008E1F00000600000001000000000000000000000005000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOW_PLACEMENT|2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1900000019000000E9020000E0010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\LOADTIMEARRAY|090000000D000000310000001F000000000000000100000000000000080000000100000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\LOADTIMEARRAY|16000000240000007300000027000000000000000500000000000000130000000500000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\LOADTIMEARRAY|85E1FFFFAAE0FFFF8FE1FFFF15000000010000000200000001000000190000000200000001000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAO SETTINGS\SUPPRESSPERFBARUNTIL|B0A91C935A60D501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\BACKUPDEFAULTSEARCHSCOPE|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
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977|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
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\CHANGENOTICE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81|01000000D08C9DDF0115D1118C7A00C04FC297EB010000001955D2C3EBC63A4D975A2842B6C67343000000000200000000001066000000010000200000005B7B46680667E6D2E11FE40D371B55021FAD30DA358ABAB91C85FA5E32923DD5000000000E8000000002000020000000796269BBA8E9D80AF2CAF2936E45A65153C62BAEA3CBEA1EFBC26E7E8693856110000000C7719BAF89C855F91FD743512E80787F40000000B255F80DB40FFEE579CF955ACC99AAAB0A71D01EBC15A57D8471E4C7140B051CC11B7DB53CF24DD1AA82C7AF855E15EEDB1802AB5D4CE32E29DE349691534AA6
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MINIE\TABBANDWIDTH|F4010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\NAVTIMEARRAY|09000000030000008E1F000006000000010000000000000000000000050000000100000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTUPDATELOWDATETIME|3286AA55
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTUPDATEHIGHDATETIME|8E5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTCHECKFORUPDATELOWDATETIME|3286AA55
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTCHECKFORUPDATEHIGHDATETIME|8E5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\COUNT|73020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TIME|E307080005001E00170035000000BB00
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\COUNT|71020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TIME|E307080005001E001700350028001901
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\COUNT|73020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TIME|E307080005001E001700350028006701
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\COUNT|74020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TIME|E307080005001E001700380000001C03
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\COUNT|72020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TIME|E307080005001E001700380000002C03
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\COUNT|74020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TIME|E307080005001E001700380000004B03
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\COUNT|75020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TIME|E307080006001F000000110000002C03
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\COUNT|73020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TIME|E307080006001F000000110000002C03
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\COUNT|75020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TIME|E307080006001F000000110000003C03
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\COUNT|76020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TIME|E307080006001F0001001E0000007A03
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\COUNT|74020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TIME|E307080006001F0001001E0000008A03
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\COUNT|76020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TIME|E307080006001F0001001E0000009903
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F00100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F0D2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONTIME|C29334798E5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADNETWORKNAME|4E006500740077006F0072006B002000200033000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|C29334798E5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|C29334798E5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMAINSUGGESTION\FILENAMES\EN-US|65006E002D00550053002E0032000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMAINSUGGESTION\NEXTUPDATEDATE|48925410
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBARTEXT|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBAROKTEXT|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBARCANCELTEXT|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPMSNINTERVALINDAYS|14000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPRESTOREBARLIMIT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPONLINEPORTALVER|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEXTNTPCONFIGUPDATEDATE|89505510
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IE_EarlyTabStart_0xb58_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_ConnHashTable<2664>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IE_EarlyTabStart_0x8ec_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IE_EarlyTabStart_0xb90_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_FILEMAPSWITCH_MUTEX_2664
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_a68_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_a68_IE_EarlyTabStart_0x8ec_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_a68_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_a68_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_a68_IE_EarlyTabStart_0xb58_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_a68_ConnHashTable<2664>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\URLBLOCK_FILEMAPSWITCH_MUTEX_2664
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_a68_IE_EarlyTabStart_0xb90_Mutex
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|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
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|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
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F40100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F0DB000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F10100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F0D2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT\CACHEPREFIX|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES\CACHEPREFIX|43006F006F006B00690065003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY\CACHEPREFIX|56006900730069007400650064003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\A5\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTUPDATELOWDATETIME|AEC69FE4
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTUPDATEHIGHDATETIME|8E5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTCHECKFORUPDATELOWDATETIME|AEC69FE4
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTCHECKFORUPDATEHIGHDATETIME|8E5FD501
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_a68_IESQMMUTEX_0_274
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IE_EarlyTabStart_0xb58_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_ConnHashTable<2664>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IE_EarlyTabStart_0x8ec_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IE_EarlyTabStart_0xb90_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_FILEMAPSWITCH_MUTEX_2664
distribution:1
category:Artifacts dropped
type:mutex
value:Local\MSIMGSIZECacheMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_274
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\MSIMGSIZECacheMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_a68_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Global\wmpproc1998
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F30100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F0DB000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Global\wmpproc1998
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|4600000005000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000A00020F000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPDAYSSINCELASTAUTOMIGRATION|15000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPLASTLAUNCHLOWDATETIME|A0980212
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPLASTLAUNCHHIGHDATETIME|9A5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPMIGRATIONVER|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\BROWSEREMULATION\UNATTENDLOADED|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\BROWSEREMULATION\TLDUPDATES|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT\CACHEPREFIX|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES\CACHEPREFIX|43006F006F006B00690065003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY\CACHEPREFIX|56006900730069007400650064003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\OPERATIONALDATA|0400000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\FIRSTCHECKFORUPDATELOWDATETIME|CC4CEACD
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\FIRSTCHECKFORUPDATEHIGHDATETIME|D45FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATELOWDATETIME|CCCEED23
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATEHIGHDATETIME|9A5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\COMPATIBILITYFLAGS|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\SECURITYSAFE|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\A5\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\A5\52C64B7E\@IEFRAME.DLL,-12512|420069006E0067000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\RECOVERY\ADMINACTIVE\{4F89089F-CB8D-11E9-9709-0A0027579C7D}|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOWSSEARCH\VERSION|5700530020006E006F0074002000720075006E006E0069006E0067000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\SECURITYSAFE|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SITEMODE\SHOWTABSBELOWADDRESSBAR|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MINIE\SHOWTABSBELOWADDRESSBAR|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\SEARCHBANDRESTOREBARCOUNT|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\SEARCHBANDMIGRATIONVERSION|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FULLSCREEN|6E006F000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\RECOVERY\PENDINGRECOVERY\ADMINACTIVE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\A5\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SETUP\URLHISTORYMIGRATIONTIME|464DB62F9B5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\A5\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\A5\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\FIRSTRUNCOMPLETE|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\A5\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SUGGESTED SITES\DATASTREAMENABLEDSTATE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SUGGESTED SITES\MIGRATIONTIME|107478779B5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE|68007400740070003A002F002F0067006F002E006D006900630072006F0073006F00660074002E0063006F006D002F00660077006C0069006E006B002F0070002F003F004C0069006E006B00490064003D003200350035003100340031000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE_TIMESTAMP|1E9B7F779B5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\SYNCHOMEPAGE PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY|
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DHP\BACKUPHOMEPAGE|0100000033000000B466DD4CCF4E866CF465F6D736588EECDBAD994FF4B9A2559144B5118B154C5A9202FC59E06F8B8138C3FD4DFC4FF44DB15DBD020000000E000000547671776C7A5758446459253364
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DHP\CHANGENOTICE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\BACKUPDEFAULTSEARCHSCOPE|
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977|
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\DEFAULTSCOPE|7B00300036003300330045004500390033002D0044003700370036002D0034003700320066002D0041003000460046002D004500310034003100360042003800420032004500330041007D000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\CHANGENOTICE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81|01000000D08C9DDF0115D1118C7A00C04FC297EB01000000A90D0F0850B39743BA42C6A480D116C30000000002000000000010660000000100002000000003D468A61BFCA5B0AE1A78E7BB0A285E016E73988572E659BB38DE6DB16DC14B000000000E800000000200002000000011498B959B976146B7E59B4FD208FE3B73F16058A7D235D7BF465C945601A31910000000BA7D163EE15224EF0806967959E8732D4000000076D87B265C10718A9D1D1B57992B5AA8893ADF7CDCFFEAD0D3050E8180747C21C06B42729D4797E64BB30CEEFF6BDA0292F61E85A6E94B256958BC9448827540
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\HASHFILEVERSIONLOWPART|02000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\HASHFILEVERSIONHIGHPART|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATELOWDATETIME|005699A3
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATEHIGHDATETIME|CC5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DISCARDABLE\POSTSETUP\COMPONENT CATEGORIES\{00021493-0000-0000-C000-000000000046}\ENUM\IMPLEMENTING|1C00000001000000E307080006001F0001001B000000A90301000000644EA2EF78B0D01189E400C04FC9E26E
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DISCARDABLE\POSTSETUP\COMPONENT CATEGORIES\{00021494-0000-0000-C000-000000000046}\ENUM\IMPLEMENTING|1C00000001000000E307080006001F0001001D000000570100000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\SELECTIONLOGICLASTUPDATETIME|E0E2F7A09A5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMAINSUGGESTION\FILENAMES\EN-US|65006E002D00550053002E0031000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMAINSUGGESTION\NEXTUPDATEDATE|A8AA5410
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBARTEXT|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBAROKTEXT|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBARCANCELTEXT|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPMSNINTERVALINDAYS|14000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPRESTOREBARLIMIT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPONLINEPORTALVER|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEXTNTPCONFIGUPDATEDATE|AD685510
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\FLAGS|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\COUNT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TIME|E307080006001F000100170000001302
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\BLOCKED|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\FLAGS|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\COUNT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TIME|E307080006001F000100170000001302
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\BLOCKED|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\FLAGS|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\COUNT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TIME|E307080006001F000100170000001302
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\BLOCKED|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\DEFAULTCONNECTIONSETTINGS|460000000500000009000000000000000000000000000000040000000000000000000000000000000000000000000000000000000100000002000000C0A8F0DB000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONTIME|E65ACFA09A5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADNETWORKNAME|4E006500740077006F0072006B002000200033000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|E65ACFA09A5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISION|00000000
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\URLBLOCK_FILEMAPSWITCH_MUTEX_2572
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Global\KFIFavorites
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\IsoScope_a0c_IE_EarlyTabStart_0x9d4_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\IsoScope_a0c_ConnHashTable<2572>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\HistoryUpgradeExecuting
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\EUPPSYNCLOCK
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IE_EarlyTabStart_0xb58_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_ConnHashTable<2664>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IE_EarlyTabStart_0x8ec_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IE_EarlyTabStart_0xb90_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_FILEMAPSWITCH_MUTEX_2664
distribution:1
category:Artifacts dropped
type:mutex
value:Local\MSIMGSIZECacheMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_274
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\IsoScope_a0c_IESQMMUTEX_0_519
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\A5\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\A5\52C64B7E\@\"%WINDIR%\SYSTEM32\IE4UINIT.EXE,-732|460069006E0064007300200061006E006400200064006900730070006C00610079007300200069006E0066006F0072006D006100740069006F006E00200061006E006400200057006500620020007300690074006500730020006F006E002000740068006500200049006E007400650072006E00650074002E000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SETUP\HAVECREATEDQUICKLAUNCHITEMS|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT\CACHEPREFIX|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES\CACHEPREFIX|43006F006F006B00690065003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY\CACHEPREFIX|56006900730069007400650064003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|460000000600000009000000000000000000000000000000040000000000000000000000000000000000000000000000000000000100000002000000C0A8F0DB000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\A5\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\MSIMGSIZECacheMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IE_EarlyTabStart_0xb58_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_ConnHashTable<2664>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IE_EarlyTabStart_0x8ec_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IE_EarlyTabStart_0xb90_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_FILEMAPSWITCH_MUTEX_2664
distribution:1
category:Artifacts dropped
type:mutex
value:Local\MSIMGSIZECacheMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_a68_IESQMMUTEX_0_274
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\IsoScope_a0c_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\MSCTF.Asm.MutexDefault0
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\IsoScope_a0c_IESQMMUTEX_0_274
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F50100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F0DB000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1