VirSCAN VirSCAN

1, คุณสามารถอัพโหลดไฟล์ไดๆก็ได้ที่มีขนาดไม่ใหญ่กว่า 20 เมกกะไบต์
2, VirSCAN สามารถสแกนไฟล์ที่ถูกบีบอัดในรูปแบบของ ZIP และ RAR โดยจะต้องมีไฟล์ในนั้นไม่สูงกว่า 20 ไฟล์
3, VirSCAN สามารถสแกนไฟล์บีบอัดที่มีรหัสผ่านด้วยคำว่า 'infected' และ 'virus' ได้

ภาษา
การทำงานของเซิฟเวอร์
Server Load
eb23b7485075e97636b331155a1f9220    รายงานการวิเคราะห์แบบผสมผสาน
รายงานการสแกนหลายเครื่องของ Virscan.org
ข้อมูลพื้นฐาน
ชื่อไฟล์:eb23b7485075e97636b331155a1f9220
ขนาดไฟล์:1535760
ประเภทไฟล์:PE32 executable (GUI) Intel 80386, for MS Windows
เวลาในการส่ง:2019-08-31 08:20:10
MD5:eb23b7485075e97636b331155a1f9220
sha1:3f226f084775e6b20aee64ea42ae5d6a7be83e91
sha256:cc3c9414059715191ef7861931ec056a986630d2164a9652a203f6731d6973ff
enviorment_description:Windows 7 32 bit (HWP Support)
total_processes:0
total_signatures:0
file_analysis: 0
mitre_attcks:0
รายงานการวิเคราะห์เอกสาร
uuid:java:java.util.UUID
xmlns:http://www.misp-project.org/
Event
id:de6656da-d995-433c-9666-683efe746da0
date:2019-08-31
info:Falcon Sandbox auto-generated for \"cc3c9414059715191ef7861931ec056a986630d2164a9652a203f6731d6973ff\"
analysis:2
distribution:1
published:1
Attribute
category:External analysis
type:link
value:https://www.hybrid-analysis.com/search?query=cc3c9414059715191ef7861931ec056a986630d2164a9652a203f6731d6973ff
distribution:1
category:External analysis
type:comment
value:Falcon Sandbox v8.30 Copyright 2019 Hybrid Analysis GmbH, All Rights Reserved, www.payload-security.com
distribution:1
category:Payload delivery
type:filename|md5
value:cc3c9414059715191ef7861931ec056a986630d2164a9652a203f6731d6973ff|eb23b7485075e97636b331155a1f9220
distribution:1
category:Payload delivery
type:filename|sha1
value:cc3c9414059715191ef7861931ec056a986630d2164a9652a203f6731d6973ff|3f226f084775e6b20aee64ea42ae5d6a7be83e91
distribution:1
category:Payload delivery
type:filename|sha256
value:cc3c9414059715191ef7861931ec056a986630d2164a9652a203f6731d6973ff|cc3c9414059715191ef7861931ec056a986630d2164a9652a203f6731d6973ff
distribution:1
category:Payload delivery
type:filename|sha512
value:cc3c9414059715191ef7861931ec056a986630d2164a9652a203f6731d6973ff|831d5df456c7963a54d8380d3f395b77f512d649e3bb689d31a8bdae953dd69a1868ab625f3f6a5d65071053acc5a042268787c8659b62b5aa5b9495e976b35b
distribution:1
category:Network activity
type:user-agent
value:Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
distribution:1
category:Network activity
type:user-agent
value:Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:user-agent
value:Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
distribution:1
category:Network activity
type:user-agent
value:Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
distribution:1
category:Network activity
type:user-agent
value:Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
distribution:1
category:Network activity
type:user-agent
value:Microsoft-CryptoAPI/6.1
distribution:1
category:Network activity
type:domain|ip
value:afs.googleusercontent.com|216.58.194.33
distribution:1
category:Network activity
type:domain|ip
value:api.parking.godaddy.com|35.227.236.88
distribution:1
category:Network activity
type:domain|ip
value:certificates.godaddy.com|72.167.18.237
distribution:1
category:Network activity
type:domain|ip
value:crl.godaddy.com|72.167.18.237
distribution:1
category:Network activity
type:domain|ip
value:crl.pki.goog|172.217.1.35
distribution:1
category:Network activity
type:domain|ip
value:d1hi41nc56pmug.cloudfront.net|13.35.103.87
distribution:1
category:Network activity
type:domain|ip
value:events.parking.godaddy.com|45.40.140.140
distribution:1
category:Network activity
type:domain|ip
value:ocsp.godaddy.com|72.167.18.239
distribution:1
category:Network activity
type:domain|ip
value:ocsp.pki.goog|172.217.1.35
distribution:1
category:Network activity
type:domain|ip
value:www.gstatic.com|172.217.5.3
distribution:1
category:Network activity
type:domain|ip
value:www.supernetforme.com|35.186.238.101
distribution:1
category:Network activity
type:domain|ip
value:www.superwebbysearch.com|35.186.238.101
distribution:1
category:Network activity
type:ip-dst
value:35.186.238.101
distribution:1
category:Network activity
type:ip-dst
value:13.249.94.68
distribution:1
category:Payload installation
type:filename|md5
value:urlblockindex_1_.bin|fa518e3dfae8ca3a0e495460fd60c791
distribution:1
category:Payload installation
type:filename|sha1
value:urlblockindex_1_.bin|e4f30e49120657d37267c0162fd4a08934800c69
distribution:1
category:Payload installation
type:filename|sha256
value:urlblockindex_1_.bin|775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
distribution:1
category:Payload installation
type:filename|sha512
value:urlblockindex_1_.bin|d21667f3fb081d39b579178e74e9bb1b6e9a97f2659029c165729a58f1787dc0adadd980cd026c7a601d416665a81ac13a69e49a6a2fe2fdd0967938aa645c07
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk|ce7030b72e14c10503a67a2c5f5c88cd
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk|8edbedd9ce54f60ed718338802451745ef5b121c
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk|51490a0a82ae4fa9071f1a1faab39b69cc20a0a1e0cccec9f6728253621fa1a1
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk|cf2c59b2f48b2d58ec7483fc6bc707f66c38ef9c2d820cd84a4d11bc4e755a9d10eb084eec8ef98aec8aef9742c16bedd8f96607064d66f5e537b3b703394ae6
distribution:1
category:Payload installation
type:filename|md5
value:%PROGRAMFILES%\Adobe\acrotray .exe|6986556f588cd2fc9b337262e423de1d
distribution:1
category:Payload installation
type:filename|sha1
value:%PROGRAMFILES%\Adobe\acrotray .exe|b4c81b11ddef660692a4e478d68a29a24501533a
distribution:1
category:Payload installation
type:filename|sha256
value:%PROGRAMFILES%\Adobe\acrotray .exe|9c46884bb29cdc25cd7f0c04fa6b81665a6cecc5afbbe458b1adaefafc177001
distribution:1
category:Payload installation
type:filename|sha512
value:%PROGRAMFILES%\Adobe\acrotray .exe|8d2d57358f3fcd893ef8d1ca1fe69f6a63a76263eee016f1d43a32a43e9b026847981fdc2543bdedcbe8d31de3642e00aed21c8f043bdef8eab0e26a09dd87d9
distribution:1
category:Payload installation
type:filename|md5
value:urlblockindex_1_.bin|fa518e3dfae8ca3a0e495460fd60c791
distribution:1
category:Payload installation
type:filename|sha1
value:urlblockindex_1_.bin|e4f30e49120657d37267c0162fd4a08934800c69
distribution:1
category:Payload installation
type:filename|sha256
value:urlblockindex_1_.bin|775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
distribution:1
category:Payload installation
type:filename|sha512
value:urlblockindex_1_.bin|d21667f3fb081d39b579178e74e9bb1b6e9a97f2659029c165729a58f1787dc0adadd980cd026c7a601d416665a81ac13a69e49a6a2fe2fdd0967938aa645c07
distribution:1
category:Payload installation
type:filename|md5
value:%PROGRAMFILES%\Internet Explorer\wmpscfgs.exe|79eef3e9176522c79aa84ab37d649b14
distribution:1
category:Payload installation
type:filename|sha1
value:%PROGRAMFILES%\Internet Explorer\wmpscfgs.exe|70ff13f69fdefc0377f38b6a81355149a2e3347a
distribution:1
category:Payload installation
type:filename|sha256
value:%PROGRAMFILES%\Internet Explorer\wmpscfgs.exe|f8c762e8d0519b1635f630ce81689102b802fd38f2ceaafefb82cc505db8dcbe
distribution:1
category:Payload installation
type:filename|sha512
value:%PROGRAMFILES%\Internet Explorer\wmpscfgs.exe|e9ca8cb2cdc9bbd9450aaf5c56f6cd9c76817e2edd771c11090696734218856db6fca109230ef66bf19baa7028ce56434765cf3d6fdc259b30bac3ed870e48ed
distribution:1
category:Payload installation
type:filename|md5
value:%PROGRAMFILES%\Internet Explorer\wmpscfgs.exe|55ced091f68dcc005debff7f998339f7
distribution:1
category:Payload installation
type:filename|sha1
value:%PROGRAMFILES%\Internet Explorer\wmpscfgs.exe|402db2d063b1fc71e0b217a4ff55dfdaed2c0746
distribution:1
category:Payload installation
type:filename|sha256
value:%PROGRAMFILES%\Internet Explorer\wmpscfgs.exe|3eca9952c3b78816352016d12785a1ef70a01430605348d6d084023d13b67aa5
distribution:1
category:Payload installation
type:filename|sha512
value:%PROGRAMFILES%\Internet Explorer\wmpscfgs.exe|5f5dcb1c4f5ef253c6655723bffafa78e9f9a265e457c405abbd31da58e8a59443a80ccb4b1aed0ce22d227f06a326f8e27a3d38836581b4465200e9df4f0309
distribution:1
category:Payload installation
type:filename|md5
value:%PROGRAMFILES%\Adobe\acrotray.exe|3f68a2f505a4116dcebd75115717d96c
distribution:1
category:Payload installation
type:filename|sha1
value:%PROGRAMFILES%\Adobe\acrotray.exe|4ebc3f5d2a1021d6f30e3bebf21287fb147c794e
distribution:1
category:Payload installation
type:filename|sha256
value:%PROGRAMFILES%\Adobe\acrotray.exe|ec87604c3b90b29617f55829e3fdad371c3d7c1971a4e994007169793694daf7
distribution:1
category:Payload installation
type:filename|sha512
value:%PROGRAMFILES%\Adobe\acrotray.exe|75bb3da26b199ba64b066be0985d9835100922a104c646941fb975f5a568835f64f818b30fbe8858db5513dbc714c10e6de9190f103044bb2a577723b659b690
distribution:1
category:Payload installation
type:filename|md5
value:%TEMP%\~DF085A8273FA0E52C4.TMP|a51db87e0f08b4b7d66845091fc624bf
distribution:1
category:Payload installation
type:filename|sha1
value:%TEMP%\~DF085A8273FA0E52C4.TMP|15e73880d38b67fd1d25df017e5ac86f52dee49c
distribution:1
category:Payload installation
type:filename|sha256
value:%TEMP%\~DF085A8273FA0E52C4.TMP|d3b4664642f65fb3d71eb2d9a76cec6936b61c7ebf123deca9a3b0808b61bf59
distribution:1
category:Payload installation
type:filename|sha512
value:%TEMP%\~DF085A8273FA0E52C4.TMP|df176fe677985bb4162fac029c23c53230dc27cb99c85d0f8a639883a0be770734aea985e9ae226fe7a92196edc030268de6599dd98b8041821f30872cb713a9
distribution:1
category:Payload installation
type:filename|md5
value:_4028773F-CB96-11E9-A10A-0A00272257C6_.dat|65b02b6d79112ce93f175ccb3ac937a1
distribution:1
category:Payload installation
type:filename|sha1
value:_4028773F-CB96-11E9-A10A-0A00272257C6_.dat|7976af6724066735711a8a92488c05ba366b196d
distribution:1
category:Payload installation
type:filename|sha256
value:_4028773F-CB96-11E9-A10A-0A00272257C6_.dat|d88827ec3ff6c7f0202843bd7f783df87713fb31cd86183e06907c4e3b0f2c3c
distribution:1
category:Payload installation
type:filename|sha512
value:_4028773F-CB96-11E9-A10A-0A00272257C6_.dat|c5775ab4eee1406488c98773b72c20d1907e9eed980d8605f3fea29d42e3d86c00af59961f6a90d56a9e99abc9f84f899fc276f65979707aa42e425f2be98295
distribution:1
category:Payload installation
type:filename|md5
value:_373BB1E7-CB8B-11E9-A10A-0A00272257C6_.dat|73f5ddab984268593e8f00a3bc7a70df
distribution:1
category:Payload installation
type:filename|sha1
value:_373BB1E7-CB8B-11E9-A10A-0A00272257C6_.dat|a22956c4ca55d2ba40c3cea744419bef5f6d380c
distribution:1
category:Payload installation
type:filename|sha256
value:_373BB1E7-CB8B-11E9-A10A-0A00272257C6_.dat|a0c311eacbb942d7c6042f915ea357d33ece628d38eaf51a77c28666b46a5389
distribution:1
category:Payload installation
type:filename|sha512
value:_373BB1E7-CB8B-11E9-A10A-0A00272257C6_.dat|af0edc14b6dd511ffcc2fc48919fadf84c684ccb4eebce6c891e1e281d5f7411d4698593a14aabc7041beeba68ed6c473580403de9e4bf891658e56f7e99ea6e
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\WHRENBZD.txt|480d9e58e0277b802a2d6c2bc446ba09
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\WHRENBZD.txt|c48003da20aba3b125896a85b27ef23e31f48a55
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\WHRENBZD.txt|29fc1551bdd233c1c8b4c6641ef3b38fa67a59c2d7dd12da12af7870d1eca5a9
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\WHRENBZD.txt|3b507603b695c388b7005bad0bb393872858876bab21366a72ed9d0dafe1e4db143bcd9bb1850769adc9b631b2cf8e86a1ed6aa47385bc2f0734b48af5071662
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\45OTO4MI.txt|0ec18aaa16da8dc976ae9a05ca917050
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\45OTO4MI.txt|6a5c58a6842713abc82aa6e9fb6ccac41d08dbce
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\45OTO4MI.txt|1c2f7a896b2eb160fa5bf1afabe802cd22759bd89106499f43319b0b19afa0ec
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\45OTO4MI.txt|c0b8390ec6cebe3204e887a7d23fb54b8c67d6086be9c1d1e339e56de69ab804f7025ac70c579dbaa51644256901be7d9bf7c096ccbf98e3bdc72f28699cfcc9
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|a08edf5bbaa08d29490e23f4b92c4440
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|9614c47172efec3be29f423d2f0481f3bc44ad9c
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|7ab4f0f25c6c459a1d04e8588c33ebe6c395407e05b1328089f6aa4d9ac69d6b
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|5ae409ef213d2638a3ceb1b42d95a885c812f9579a2d4d71ed946a541816b4290cb797df712dd72326d84c53efed181e8778515fa89b4d3799a29834cae58a9a
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\HAWH0H3D.txt|8dcbe17a155d25d543eef69a82938f54
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\HAWH0H3D.txt|987a0b996b2a53f093b4ed0159dada64a7254e84
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\HAWH0H3D.txt|2ad0951746fdae79a087cd41c83403ee4ec9255f80a7574c3f713c36e4b63afc
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\HAWH0H3D.txt|8ebc678dd711d49731dd6a4d0f19dedc5b29d0b2c0f12aacde35f31f2ea1e4c553629e98244932eaed956c827ef2ee669f7d8c3620c93e725d2a74e42134152b
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\GBB3SK3T.txt|2494ad563cf6363ebe99c79aa5908451
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\GBB3SK3T.txt|c1b8c717634db254fa0308388f29238e7c7a779a
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\GBB3SK3T.txt|fb729affe69416dfef8135296e0fd4c2aa63d7d3f34c7e53c5d0bfcdc776cef6
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\GBB3SK3T.txt|9b2a5541e50995d72339b5b714e850db2ff196a658333a1cc727f054f26dc57068a131878099a4844b593a28f52dd3e5d19277253a19e5f8b56520636353dc97
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|e1dc589db6ba36350df3d641eb7a90b4
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|85b4a4c5d736822e25b8b39bfd4bc547d31d7c85
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|6cefe7e098bb7008cd8291a625a2fad7632faae0370e130e30700bd1a56c38e0
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|08b936e2f1dbc86368b0c6dc6a2e11f8e4d361497a80da742476217e451dd327c13b2594d2a8a37a737150c7b4fdd39b064e03e05f0536324cda594228824e02
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|82474f10901a97135bffcf638f62116f
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|24eb0fd663b7d190902ed23da96de087e87ce0c8
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|9b13bb32e4d3e6e5b323672b7afbc94c742f036096cdc868a1d310ab8c46e37d
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|c403f0eaf8faa5f648323e530a7e02ebda292805b702773ef5491f355140644742d6b0f1db062324c9b83a8f6784597c2f6933c22a38af61ed073b1ce01526c2
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\verAD0F.tmp|095c72688de7d90e6526dc0d8878f3f6
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\verAD0F.tmp|a1cae182fb7e86c74fb5467c0014b2a27472be37
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\verAD0F.tmp|8684403da59628039e9b4b0d245c5b7e1fac1242a087ded44eaf3b792e4a231e
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\verAD0F.tmp|ab7fd229a6f532ae11e4cceb01f823810b33d5c740bc9f290c79646c422affc27ddb8476c931d6e4a9686eed970e219b6cebbf68f9a12b6c629b6816cde1615c
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\DL2FFTJ2.txt|0addbaa807f6ecd71fcc01dfe5b49d37
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\DL2FFTJ2.txt|48875bda0af9aa1a85ecdd49bb7bcbb0dff5e405
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\DL2FFTJ2.txt|4059f029eb085fa191fa8a53d6a04ccfd3296b7f0af28f10deda2bb4f25bfeff
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\DL2FFTJ2.txt|2ab6c068892ee239d299e812b520179251798dc830969eaa17065d52e66e40908d4d822c9ff65a36c3a808082dbcba8d214610ba3b88cc683862dfddd8ba2bff
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\521F25E202FF760B8461B88413F425E7|588c0ef2afaaf73def92cbb4bc8a384d
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\521F25E202FF760B8461B88413F425E7|0aa4e4bb8ac2faedb310aba9f4210d320b574b38
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\521F25E202FF760B8461B88413F425E7|534f7263dafe6da799c90ad169283a2654e78c3065368e6d3e4acfba43e34b68
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\521F25E202FF760B8461B88413F425E7|733b16bbdc1cc6483d58f490c8acebfe848d613054cef770841e1617ad31859a7c848892f0ba4c701ed4d94a15b6b0e499b24c531c291da4ff054951662719a6
distribution:1
category:Payload installation
type:filename|md5
value:landerParams_1_.json|d2271dfd929e131cdc376b43bb4181d2
distribution:1
category:Payload installation
type:filename|sha1
value:landerParams_1_.json|cca6798b4843ee5ba1d8ee2ccd45317bad8d6e22
distribution:1
category:Payload installation
type:filename|sha256
value:landerParams_1_.json|b15d71e438d892b1038e0d52769c340ca34ea8da7a68edaf878b064edf8bcc76
distribution:1
category:Payload installation
type:filename|sha512
value:landerParams_1_.json|8f76a0245fd77dbe721f7292171c57c34c0c3c3e56e2484a3559cb9c559cc885fdfc87b258353356f12464c886b234b7a1c8b89b892623325793a49b47658ac1
distribution:1
category:Payload installation
type:filename|md5
value:caf_1_.gif|55fade2068e7503eae8d7ddf5eb6bd09
distribution:1
category:Payload installation
type:filename|sha1
value:caf_1_.gif|317496a096d6c86486a71d4521994bcd171a6bb3
distribution:1
category:Payload installation
type:filename|sha256
value:caf_1_.gif|e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
distribution:1
category:Payload installation
type:filename|sha512
value:caf_1_.gif|a9adb9feea4bc14b9c34ed17cd30f8cb36dc686e9f69a292fe65bebc195be4714391fd98ec7b67bfd363fbbb6089c41a0b7cab5130b50b461748e668cac75621
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|89e13af9104535e38d4cde04a8a6943d
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|99d5097582265ed66e29808668af6a1239bd7d32
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|ba05e6da42252c6892396bb7e89a7852910b06795b80cf619c331bec392c27cd
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|4bb3f8ca65c99f67a5f056b7b2317f5328652f4d970af1ffc21be6c06014ecf400ec307d46cc7f8463cbabbba75c3cc341c3d2cbd0acd516f176629554a84f58
distribution:1
category:Payload installation
type:filename|md5
value:search_2_.htm|85e6d378ce5ac2c6b41d95739e75b734
distribution:1
category:Payload installation
type:filename|sha1
value:search_2_.htm|7998cbb71dd1414fa6c836abfc31f97ceafe4c8d
distribution:1
category:Payload installation
type:filename|sha256
value:search_2_.htm|c4e40ca5644a25562e5f763f7fca8b2018722bc3e76ff340bcf3df8875e6406a
distribution:1
category:Payload installation
type:filename|sha512
value:search_2_.htm|c915f0b88cec878f88fe00d5c672027a2856ee7e7e2573b85625eec336c6b8612d9b1ca21c72234c6a43e0f72473af421921e3d4106efd7b81970c78d1c60f07
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\4A94QSXA.txt|23df6eb6fa0b727325e09b0492889883
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\4A94QSXA.txt|f373e989700914b90afe4cbd51b77860021bd1cb
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\4A94QSXA.txt|28a07655ed78a557bd947b281915d5a6627db66b920a7971a86607d23ae6d3f7
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\4A94QSXA.txt|c1cbde1299ca5a8951a8468d3912bcddc21b0d2b2fb5c25831c770ebddc4e18dd2be1ad2df4c23f60ec11071348055754ee7c1144989d1bd266b049b0655ffe0
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQW0X29Y\44D5BG76.htm|64f83be3a951c47063fad7365efbd875
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQW0X29Y\44D5BG76.htm|327518ecf4d548b1e8e07eabfcf99874afda3325
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQW0X29Y\44D5BG76.htm|f7c788263040e226e0a5f4fe799501265bfaeecf574da982d74b6725423926e3
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQW0X29Y\44D5BG76.htm|7736ed41db6af91feb42197a984b9f276d2f0dbab2909882cf41bad2cd3293a1e63a7d33e4d575c6e8f20d194ca564f27fbe4ab2b6c36a61a714a96e30452419
distribution:1
category:Payload installation
type:filename|md5
value:search_1_.htm|85e6d378ce5ac2c6b41d95739e75b734
distribution:1
category:Payload installation
type:filename|sha1
value:search_1_.htm|7998cbb71dd1414fa6c836abfc31f97ceafe4c8d
distribution:1
category:Payload installation
type:filename|sha256
value:search_1_.htm|c4e40ca5644a25562e5f763f7fca8b2018722bc3e76ff340bcf3df8875e6406a
distribution:1
category:Payload installation
type:filename|sha512
value:search_1_.htm|c915f0b88cec878f88fe00d5c672027a2856ee7e7e2573b85625eec336c6b8612d9b1ca21c72234c6a43e0f72473af421921e3d4106efd7b81970c78d1c60f07
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YV6QNZHN.txt|b84d163c03e415637d61e3efc3800e19
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YV6QNZHN.txt|dd4860e67c8e86b13d92055853682f6e9753f9b3
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YV6QNZHN.txt|49c96839b4ea85c1e28d076587d75acb2e05ffdbabd8cf6094c4c6a6deada892
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YV6QNZHN.txt|eca9f567331e3261dc131b58453fc0c1dda04f4d17446f1c5d1e757dea57a29072772de8628b2550f9b6a3c5a76121606a00822731ed07defdf8bf11f23ae93a
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|82474f10901a97135bffcf638f62116f
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|24eb0fd663b7d190902ed23da96de087e87ce0c8
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|9b13bb32e4d3e6e5b323672b7afbc94c742f036096cdc868a1d310ab8c46e37d
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|c403f0eaf8faa5f648323e530a7e02ebda292805b702773ef5491f355140644742d6b0f1db062324c9b83a8f6784597c2f6933c22a38af61ed073b1ce01526c2
distribution:1
category:Payload installation
type:filename|md5
value:caf_1_.js|095eb19eaf3edff618332e6d0b606b85
distribution:1
category:Payload installation
type:filename|sha1
value:caf_1_.js|43ec426288cd858bfb05b0e22fe68ba80e66b955
distribution:1
category:Payload installation
type:filename|sha256
value:caf_1_.js|80d46bca0ed3436eb8b12f00143ed40df245d9ce470d219cd5295c273238f84e
distribution:1
category:Payload installation
type:filename|sha512
value:caf_1_.js|372d680692ecb55a9b93dc80f2dfcf246dd3b4cce1f8da6214855a378f296bc7711231a87677e226a07d7fec95f7783c7eedfea2777d1e211eefd7191d8779ad
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_D8BD318D1C6B3208D569FE7804890405|a750fe86fdbb43dec09b2dcc26f2c168
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_D8BD318D1C6B3208D569FE7804890405|94f1443052c4dafe54393f1a6e00960003fb11c8
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_D8BD318D1C6B3208D569FE7804890405|309a1a20c130251e3e9f18becaff0aecf7f842b8c1a4d987d23c2489441878fa
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_D8BD318D1C6B3208D569FE7804890405|9dfaab66541ab7e58fcc0e738a3eae4ca8fdc4be6e7b517a33f5fe2db5c0d06160725be325dc3ab4e10d58a794812f125d9715e4941f4acd6aff9618fc617b56
distribution:1
category:Payload installation
type:filename|md5
value:caf_2_.js|095eb19eaf3edff618332e6d0b606b85
distribution:1
category:Payload installation
type:filename|sha1
value:caf_2_.js|43ec426288cd858bfb05b0e22fe68ba80e66b955
distribution:1
category:Payload installation
type:filename|sha256
value:caf_2_.js|80d46bca0ed3436eb8b12f00143ed40df245d9ce470d219cd5295c273238f84e
distribution:1
category:Payload installation
type:filename|sha512
value:caf_2_.js|372d680692ecb55a9b93dc80f2dfcf246dd3b4cce1f8da6214855a378f296bc7711231a87677e226a07d7fec95f7783c7eedfea2777d1e211eefd7191d8779ad
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|b15b90b9d16d4dffa948a3178cdb9143
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|a1c315ad8c1fcb3ad562b9777c7942fc1f025ea7
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|a0559b2fa6e7a2e6fa47714ac5da1ccddc5ad927f3bd9c72b834d145885ba004
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|980ab131652031a5f2e0f444a48ba4b970227a2476a90ea8348b2d31934035e85d9a2705e492bab078141a7a713087dcaa5af88deb939fadb57d02db27d38f36
distribution:1
category:Payload installation
type:filename|md5
value:landerParams_1_.json|d2271dfd929e131cdc376b43bb4181d2
distribution:1
category:Payload installation
type:filename|sha1
value:landerParams_1_.json|cca6798b4843ee5ba1d8ee2ccd45317bad8d6e22
distribution:1
category:Payload installation
type:filename|sha256
value:landerParams_1_.json|b15d71e438d892b1038e0d52769c340ca34ea8da7a68edaf878b064edf8bcc76
distribution:1
category:Payload installation
type:filename|sha512
value:landerParams_1_.json|8f76a0245fd77dbe721f7292171c57c34c0c3c3e56e2484a3559cb9c559cc885fdfc87b258353356f12464c886b234b7a1c8b89b892623325793a49b47658ac1
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|cc7425e6f6a268a188a9bc712c19bb5c
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|da41b93aa0585d5174d4cedca684e03de03b3874
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|9c2f5ea339d1ce24dede73a13a748ec063e39f75713f50dfaf8e65d7725a8313
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|2eabacae02e0d6fc5ce579e12e33d2bba9b49e6381016712b32cf25e4bcfeda60379b032d18bbd684cd123fa7c8550a18d4e9ba6c8a556f68caa01a35f17a205
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|b98594d35cc9b942e267d1d6b68ff980
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|f1640e940d3e6105fe89f631de7edbed06765c35
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|0fdb2fa634bd74c2869ba2d47ee852da4747ebad8e6ec662938e29067da2d669
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|870c73d658a008bd3c17d1cadcad13158f25ce40dec07c8b71b98ff70b45d6d9751f65aed1906116f76dd4eef4b4dcc04260f0c64554b4f6d83a928eb7359768
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|12b847eb89de1fded3a29b5fb45c0544
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|4e83693de4599464e9ee7b0e61b28a36f2d7d85b
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|37c03878e13dc983516d7ddfef3aa78d057d7cc9e8a76b6bd7894bc47e3c412a
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|98c8c595258e4c6cac1720a69c1c26311403bca2de96e8d441aaf058e7bd5a7adaf22c75275c42cfee7e54377878fc774b1d81ba53f0b1b8f2816e3867e1a76f
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\DTOU2JN0.txt|e3385a03302ed6eec271617eed0cdf08
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\DTOU2JN0.txt|59b07f1e8eaf8fd2237b4fc9b549b1b6981f5d2c
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\DTOU2JN0.txt|02e0e9439865a7b3f71c990f15f4b732c7237cf8cd45c5c446688197974dd30c
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\DTOU2JN0.txt|9e157c80d8838d37cd34ef951ae7b982984a6a87abe121fa8ec0209966fd7c3352121bf4ad1f7d137b26aeda68468a17179fe4b2641b6ba6b7ff7bad5e918fd5
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|a4206fb2bc553c0f49ab0027558959a2
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|18b4fa15b541dd5382cf68f92886278f1121b947
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|a70ae29cb134857b88696b0daa9216a68e0d3c618b79a44fcd03f928516c527c
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|c05cd9e6898e39a9d67470ef95151835227779fa2a225c291da34e86eaf1d46607fe1ffe3523d548fd202817bb34666b3f9fe54b292c0859b38ec30fa904960c
distribution:1
category:Payload installation
type:filename|md5
value:search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico|9fb559a691078558e77d6848202f6541
distribution:1
category:Payload installation
type:filename|sha1
value:search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico|ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
distribution:1
category:Payload installation
type:filename|sha256
value:search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico|6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
distribution:1
category:Payload installation
type:filename|sha512
value:search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico|0e08938568cd123be8a20b87d9a3aaf5cb05249de7f8286ff99d3fa35fc7af7a9d9797dd6efb6d1e722147dcfb74437de520395234d0009d452fb96a8ece236b
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|b7c85a61106b8286c8db2496bc778c63
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|566f24f62658c9fa8d9e500762ade5c6d5e7c7da
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|f69a7021a9cb316051c7cd85186412ab67c7fe426471688d9dc078ddf8d14681
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|2046e653ce5a538c86582cf44767881fca946ea58a5b58f16fb9f933d9a58e3e812e4d87414684d3d3b0813d992e5c092aed02ee7b9d8377d84bb757c435f504
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|7f050cb427febf47d649b223782b94a2
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|8ee5f16907cfb14465d442d576cfcbe1fbff7fc6
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|21015c6ca148b39d4c3e27cefb2561bfaae6d50e59db2167b14b93a85b82fd3e
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|e1e0f24b3461eef120e1b1ff708912d5a009bf47c302a718fc8cdb363f260186bb80bc8834791030abb77bb70f633c1eb14ecfc3cfd0e7de4219db7094dc3bcb
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|64b3858e3a5f87432c99b3c64fa6b271
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|bc36350495811f84d1e9f3006761cfed1a0c5686
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|a3504585bdd0511616b15e8e119162760cd57d660ac03b85bcee5d40527e56dd
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|17e8b653254674d58398a2fdac714db66c345899ecd37ab2159c1a4ccc4a1c668b708f887b7362e79263a7f81c2cccbdfad7f398d9bfc9eba342fff194e82b41
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8VFEHULD.htm|ffb508e9a2d13136dd9c5f14da52e146
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8VFEHULD.htm|ead40450bbe95f1ec410e8c07556357f30cd0f43
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8VFEHULD.htm|0f4faabaff8c60196c37af1acfbbf116efd9c7fc4c5b60ec8b925316745f1b14
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8VFEHULD.htm|e12a2c2e90351e68d5a00b40aaa7add4461d5275ab110fa28d5b41b1974647ded05332d2f35bf3763585dc8e92ea3cc5a0f2e2461de3fccb47c7d0bb7d64f778
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|85b83b85a018a934e9adca6863dfc0c7
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|e20cf77b4daf2f1866e798f2cb1b2caa0be2cdb9
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|3f565a316f845b3fd0fd1d9914898b19bc71a219551df03ff29070609749a382
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|063e1b46c585c1b0fd894bb00544447bb697585701626bfb7c346550b154826fadc5e3721dcee6dd9c422575c10c9a1d6f7d3caef6fbea46b7eb614e3d01c400
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157|753f00918698d97baf33f688a4a53475
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157|c42fb681d064e17cc0c833b5502441f0c04db403
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157|3434b667bbc763a679140ffa7309986ad5d694e2f667a0693a6a0660cd8a662b
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157|7c1ef5a78c5ed3f9302f61e7736b7a7730d5b2fd4d3a07dda8de8731042713f6a8b8fa67d2d3f2891382728f589d2237857ab87cd736e367870c162f381d79c5
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|bcccaa7a20569d5f8a23f347579d9d16
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|ecbeeede0bce7ca41db3835ff027dc89c12d61fe
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|5fdd497e845844307085b7a2ec173bc0e116e7df77fc7996edbc424013192e05
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|1a2c68c0f4f6273a36d67f0d2ae1e485d7697951c07a2114235005a324346f89476f66ebc11b616d1fad49291092d71fb07006e9b484d5709a7c7f8bb68b6618
distribution:1
category:Payload installation
type:filename|md5
value:background_gradient_1_|20f0110ed5e4e0d5384a496e4880139b
distribution:1
category:Payload installation
type:filename|sha1
value:background_gradient_1_|51f5fc61d8bf19100df0f8aadaa57fcd9c086255
distribution:1
category:Payload installation
type:filename|sha256
value:background_gradient_1_|1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
distribution:1
category:Payload installation
type:filename|sha512
value:background_gradient_1_|5f52c117e346111d99d3b642926139178a80b9ec03147c00e27f07aab47fe38e9319fe983444f3e0e36def1e86dd7c56c25e44b14efdc3f13b45ededa064db5a
distribution:1
category:Payload installation
type:filename|md5
value:suggestions_1_.en-US|5a34cb996293fde2cb7a4ac89587393a
distribution:1
category:Payload installation
type:filename|sha1
value:suggestions_1_.en-US|3c96c993500690d1a77873cd62bc639b3a10653f
distribution:1
category:Payload installation
type:filename|sha256
value:suggestions_1_.en-US|c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
distribution:1
category:Payload installation
type:filename|sha512
value:suggestions_1_.en-US|e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\GD8XNDUP.txt|0acd884628b972d60e45b5066112a44a
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\GD8XNDUP.txt|f4c1bec432ed431901263c6062c75c32e3b76fda
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\GD8XNDUP.txt|69b171dd68efbfb67dafe4ad865d429a7c4fdb2152a49f2138df1c2ac631d3c7
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\GD8XNDUP.txt|fc73656f4214f62cae6c22dc46bd06309fc08ac68cdd3d1951734c086e65c32801bf6f5916a86bac3804857ae72105dc6995d9d49b8df41eec82a4eeedf7b500
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\M9MEE7GI.txt|18028a77cd81606e2e554db7ae2d5ee1
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\M9MEE7GI.txt|58fd2c490ae9b69b5ac885d2fe2ac8d8f38cca33
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\M9MEE7GI.txt|be46a17abbc5c4522e4fa9c177aa1cd160bfcb61e5c3bdf33f998a76459b5810
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\M9MEE7GI.txt|fae475720b39ca0c62af6ce5dcb61e854d858a101d68c3ecf4a235acd0f557224fe55c53a7a2db4f215a854f14a790bc2b411f5ed39bd1cfd4fe4a992eb7252b
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\verAE48.tmp|095c72688de7d90e6526dc0d8878f3f6
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\verAE48.tmp|a1cae182fb7e86c74fb5467c0014b2a27472be37
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\verAE48.tmp|8684403da59628039e9b4b0d245c5b7e1fac1242a087ded44eaf3b792e4a231e
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\verAE48.tmp|ab7fd229a6f532ae11e4cceb01f823810b33d5c740bc9f290c79646c422affc27ddb8476c931d6e4a9686eed970e219b6cebbf68f9a12b6c629b6816cde1615c
distribution:1
category:Payload installation
type:filename|md5
value:bullet-arrows-orange_1_.png|31f21bbaaf88b740f21fe900701a8373
distribution:1
category:Payload installation
type:filename|sha1
value:bullet-arrows-orange_1_.png|75f71c5ed4e44505a12c453e76cb1c10953acb6e
distribution:1
category:Payload installation
type:filename|sha256
value:bullet-arrows-orange_1_.png|6bd48e5cbf3c20acab72dceb7208e9da630d34d4eb41ec165e168df9bec92684
distribution:1
category:Payload installation
type:filename|sha512
value:bullet-arrows-orange_1_.png|5a3fee420bbb3d997ae40a3530721e181bb71bdfa2d54807da227c1a11f50fb9bfecff979f53725ff83a89a9fe1251d4db94d247160873b00d13ed12b2bdb349
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|b15b90b9d16d4dffa948a3178cdb9143
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|a1c315ad8c1fcb3ad562b9777c7942fc1f025ea7
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|a0559b2fa6e7a2e6fa47714ac5da1ccddc5ad927f3bd9c72b834d145885ba004
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|980ab131652031a5f2e0f444a48ba4b970227a2476a90ea8348b2d31934035e85d9a2705e492bab078141a7a713087dcaa5af88deb939fadb57d02db27d38f36
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|7a6010701888f337e2696b41db33c62e
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|8e575fc1c0adb8e41cf1030cc560c0c081ed9df2
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|1014d8620cdf21abff2dfc2d2f5046087aae97d0cbed745bc4bf29e5ca31394e
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|bf9ae5c27ce4e7f6e33fd849801b90c3877190894536026f8aa55f0c01e119bb9232b2f3045df4397bffdc0e78cfaef7fde071bcfa68268f621dcba9b0344e31
distribution:1
category:Payload installation
type:filename|md5
value:dupe_1_.htm|85e6d378ce5ac2c6b41d95739e75b734
distribution:1
category:Payload installation
type:filename|sha1
value:dupe_1_.htm|7998cbb71dd1414fa6c836abfc31f97ceafe4c8d
distribution:1
category:Payload installation
type:filename|sha256
value:dupe_1_.htm|c4e40ca5644a25562e5f763f7fca8b2018722bc3e76ff340bcf3df8875e6406a
distribution:1
category:Payload installation
type:filename|sha512
value:dupe_1_.htm|c915f0b88cec878f88fe00d5c672027a2856ee7e7e2573b85625eec336c6b8612d9b1ca21c72234c6a43e0f72473af421921e3d4106efd7b81970c78d1c60f07
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\JW1ZV4YF.txt|264a26829f20cca78b289c5ee5678f53
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\JW1ZV4YF.txt|56c888b65b6235b33f585856011dd0d9f6236e40
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\JW1ZV4YF.txt|eb35ca442e9ffa3cb27afbf8e1241293ef1505bb5774a30c794f41a158bf0a45
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\JW1ZV4YF.txt|9933307e6f41ec27011ca6df395b90f8601067ca03fa7cd225091b0bd337c2aa2434b4c50204d9201bc2f468f5749b319812a271b3a4fc9623cad78ee7e8d08f
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\S2JDOUG0.txt|eaaf442328ea7946288d3b3a2e666087
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\S2JDOUG0.txt|59d88fd3a85a93c9f3f5979922103f58cf9c94fa
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\S2JDOUG0.txt|635ae3f5ca6d4bc44f7421ed8dc6af4c4a5ec65bfab4fb4323117f77b0d96b20
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\S2JDOUG0.txt|66d75d4dde9ca2767bdec349954c8b4bb365414dca835cc9228e6c59008abb0d8c54ae702d4fbafa0afaba6eec92b707310d5e2c6a9303151460e9f202e01901
distribution:1
category:Payload installation
type:filename|md5
value:caf_1_.js|244f53dfe0bda56f3c486f70a49f5687
distribution:1
category:Payload installation
type:filename|sha1
value:caf_1_.js|ebeb29c4d7a175aa5b449eaf391ff6b73e3ac390
distribution:1
category:Payload installation
type:filename|sha256
value:caf_1_.js|599585f9d164ee950f759132b5c2b5902182099e746d4dc902c17ce542f71113
distribution:1
category:Payload installation
type:filename|sha512
value:caf_1_.js|f5806ce9546f04f56a137d48172100c8b46627497bbc42a5547dc71786aef4d27b695d323a2cafb56aa8ba4492320e6fe65995061d7015bfb13e475924542884
distribution:1
category:Payload installation
type:filename|md5
value:main.b0434fd9_1_.js|cd052864fef0a75c2b506b42e1a784af
distribution:1
category:Payload installation
type:filename|sha1
value:main.b0434fd9_1_.js|8df1aeb9d4a903e2e4c10be5ea0c0111c5bb75ff
distribution:1
category:Payload installation
type:filename|sha256
value:main.b0434fd9_1_.js|858ed3ec23aa92070a7cd7e9b4ccda14820e8bb4de2f18de87f21dd98121c5c2
distribution:1
category:Payload installation
type:filename|sha512
value:main.b0434fd9_1_.js|cd2d1f44c95015c22918d69e871255f641fa50f94d923c3c02a6bf6ff29a74cf2f0b4fcef909253b7b3509cbefa8fcdbc5fc4db808b23bb622819568ea76fa43
distribution:1
category:Payload installation
type:filename|md5
value:navcancl_1_|4bcfe9f8db04948cddb5e31fe6a7f984
distribution:1
category:Payload installation
type:filename|sha1
value:navcancl_1_|42464c70fc16f3f361c2419751acd57d51613cdf
distribution:1
category:Payload installation
type:filename|sha256
value:navcancl_1_|bee0439fcf31de76d6e2d7fd377a24a34ac8763d5bf4114da5e1663009e24228
distribution:1
category:Payload installation
type:filename|sha512
value:navcancl_1_|bb0ef3d32310644285f4062ad5f27f30649c04c5a442361a5dbe3672bd8cb585160187070872a31d9f30b70397d81449623510365a371e73bda580e00eef0e4e
distribution:1
category:Payload installation
type:filename|md5
value:search_1_.json|449f61c84cd2f7342f95403c908c0603
distribution:1
category:Payload installation
type:filename|sha1
value:search_1_.json|08afdc36927b6c4e03c3088e5c9c812cc4215ede
distribution:1
category:Payload installation
type:filename|sha256
value:search_1_.json|19170bd75edc0b5183a2f9fcc3001d9d222deff61e5915ad1127b65ab581a2a1
distribution:1
category:Payload installation
type:filename|sha512
value:search_1_.json|f0656bd94c8e33ffaa08a5630f9b7d254ef4297a30b280a802b3bbd4fb8a6e6ac1dcdffb53d09325163ad2bffc0768247c9bf3a40160023aef4c9da59c738a9b
distribution:1
category:Payload installation
type:filename|md5
value:RecoveryStore._373BB1E5-CB8B-11E9-A10A-0A00272257C6_.dat|372200aa98260e6124e555d046a5a906
distribution:1
category:Payload installation
type:filename|sha1
value:RecoveryStore._373BB1E5-CB8B-11E9-A10A-0A00272257C6_.dat|eff2fc28c2d73a8efd91ae64d94555f4a0910080
distribution:1
category:Payload installation
type:filename|sha256
value:RecoveryStore._373BB1E5-CB8B-11E9-A10A-0A00272257C6_.dat|7804aee2afaa8f78241d6596ec25ba58ede5049cc4f5dfb5c42a554644958074
distribution:1
category:Payload installation
type:filename|sha512
value:RecoveryStore._373BB1E5-CB8B-11E9-A10A-0A00272257C6_.dat|10e32dbb578c670789e9f0c316793713a12b9fb6d135f9689177d8fb0cdf7151feaad2f03fb69562b1a5ca4f2d2e9e366dfa30204bb287fdce0a5e513cfffeb6
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A7891822FCFF127E4EADADE9757112B|6a0ef6f823e3ff21f5c1e30077829b0b
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A7891822FCFF127E4EADADE9757112B|54ab7c4e50e4ff151a5ccdd3d0748e9cbf5199b9
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A7891822FCFF127E4EADADE9757112B|72e08d66766ff76d7c49c0287c0bb8e1bea623dfbf94fccd9eea8360e9ac1c2b
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A7891822FCFF127E4EADADE9757112B|aaeb66aa49a1f711495a2c4da2b59367629a4d48e7fac1ab8fdb5a8e896739d691aadf9cd83d0cf0973b4218e474e39b6dca8f0ba365c8d2f9b85628cd5663fb
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\Temp\~DFDD42360F8C7B2F8B.TMP|d9ffa136a67df07fe2031bed1b2c7056
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\Temp\~DFDD42360F8C7B2F8B.TMP|cadf5619f3f9104feb7d3d00728ec75553563166
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\Temp\~DFDD42360F8C7B2F8B.TMP|e865544903d85fd2e055ec69d86d48e108d13fe2ba25bec1a718a1aba22d7fed
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\Temp\~DFDD42360F8C7B2F8B.TMP|8d5c23c1e009f3b7a830d29a19f2b70acf5c9b092cd9f97ad85b1270a036058a8ce11d5961ad7d7a494425f890a0df72b6b0dc55afbd43fd9d7dc4d9aae0f824
distribution:1
category:Payload installation
type:filename|md5
value:bullet_1_|26f971d87ca00e23bd2d064524aef838
distribution:1
category:Payload installation
type:filename|sha1
value:bullet_1_|7440beff2f4f8fabc9315608a13bf26cabad27d9
distribution:1
category:Payload installation
type:filename|sha256
value:bullet_1_|1d8e5fd3c1fd384c0a7507e7283c7fe8f65015e521b84569132a7eabedc9d41d
distribution:1
category:Payload installation
type:filename|sha512
value:bullet_1_|c62eb51be301bb96c80539d66a73cd17ca2021d5d816233853a37db72e04050271e581cc99652f3d8469b390003ca6c62dad2a9d57164c620b7777ae99aa1b15
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|5e6b3046cc3b70e0f5ad9ee1fa37ccf6
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|d0b0eb57b7c70c1dfee247c97fd2453d7fa98318
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|252f061b50a96aa7fcd424f11f23e83808bb4fc59ab2cea9383df9b79f494fc8
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|76be11d6347ae4da11f3b047b53b8630d9b0dfa5e1d4c07ca554c3c6eb2b646aeb32756b21a5ccd16b0bf5ec7bf56042d4c5a726bd5330e626e5e6f7071d6a7d
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|0842fe8ad4c3f90f1cbeed74d6cddbb0
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|fcc488ac582a99ad1a0a845f8bf4325a6c94416f
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|5072cbaff8384528061d840b711abced651e9f362df90de064f7ae53622643fb
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|81a31dee14d50c7f773d2b6b498dd1231584b51ef78b9e1cff9674fec8739cf67e1693375ba54a59f5d6b7f1be4b19b09e927a2e8fe0df96716e907e1947e518
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|b15b90b9d16d4dffa948a3178cdb9143
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|a1c315ad8c1fcb3ad562b9777c7942fc1f025ea7
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|a0559b2fa6e7a2e6fa47714ac5da1ccddc5ad927f3bd9c72b834d145885ba004
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|980ab131652031a5f2e0f444a48ba4b970227a2476a90ea8348b2d31934035e85d9a2705e492bab078141a7a713087dcaa5af88deb939fadb57d02db27d38f36
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\7VVNKS53.txt|0dcebe17e11b7847a08730c890d87fd8
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\7VVNKS53.txt|8c6dc3311d952cfe0d01a53711f4c9a26a8c0c7d
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\7VVNKS53.txt|84bb77ac0bc1f6c5c0aca8426084845826eb8b5b06139c58fa11eda974a441ad
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\7VVNKS53.txt|7e6a729becc96f85be5a0580d7f9ab0388246590e96db465279bd0717486dadf2ebac429fb78f5712a1db7e269770590ff1b1b46eb3c25447a267fb376b796c0
distribution:1
category:Payload installation
type:filename|md5
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|c56d8532c00d3f61c882938274c417a9
distribution:1
category:Payload installation
type:filename|sha1
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|acadca3d01446de05226eebfd9fae1350d6e2b5b
distribution:1
category:Payload installation
type:filename|sha256
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|40c443906898ab162787fdca81ef0b21c749e37f2ec2f56f120d828869fec2ce
distribution:1
category:Payload installation
type:filename|sha512
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|c7e875c5aee468bf9a15242c9444753f0b8504e5dd8e0a8f83170b866f2717f02af5fe0d2b62ba4ffd37911046f1e4a111ed7a2b23f5fa837ff969b9b4d96e23
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|35500ec966de1aa79a51f3393f2f5eaf
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|d436611f9dff4c7997e258047a7cceb0179c171c
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|e94f506197e9a011009bb45251f77a85516f4a5a5dce5e341aeef9a9c6dcb8fe
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|d9fcb0f07390a4b022fef3bab92123aedd214d42289e117e0d2cde1f2cbb1306bff0c29bdc4ca08c623c8255604dfe90392562cfb661bd6d6851655e06e708be
distribution:1
category:Payload installation
type:filename|md5
value:suggestions_1_.en-US|5a34cb996293fde2cb7a4ac89587393a
distribution:1
category:Payload installation
type:filename|sha1
value:suggestions_1_.en-US|3c96c993500690d1a77873cd62bc639b3a10653f
distribution:1
category:Payload installation
type:filename|sha256
value:suggestions_1_.en-US|c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
distribution:1
category:Payload installation
type:filename|sha512
value:suggestions_1_.en-US|e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
distribution:1
category:Payload installation
type:filename|md5
value:%TEMP%\JavaDeployReg.log|619cc4d4385138b416150dcf2a620017
distribution:1
category:Payload installation
type:filename|sha1
value:%TEMP%\JavaDeployReg.log|9a6ff8c832d3ee05b99dcb39930ba9c0353d2798
distribution:1
category:Payload installation
type:filename|sha256
value:%TEMP%\JavaDeployReg.log|307dd36841a220cc3f49f302d0934f83c6a3cec53c0c07323b20b2a52dc820e0
distribution:1
category:Payload installation
type:filename|sha512
value:%TEMP%\JavaDeployReg.log|993c9e8a3d22a3b669f9595a3cfca9d93fa8c4e89f37ae6bd6a73d90b1d840c980afe01733e950259cb9900c975108660029209d6c6b5144e88bbd01d719275a
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\EUPP\HTMLSelectionConfig.xml|92bb55734dae8fbafd70a64b23e58a8e
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\EUPP\HTMLSelectionConfig.xml|79b7067a38413605f5bf7e9c61d24bc4bd4b4c3a
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\EUPP\HTMLSelectionConfig.xml|1a4d81fd258ec9669bf53b015230fca510855e3bff65c17f9dcd1ccc8b03e585
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\EUPP\HTMLSelectionConfig.xml|0352c8d7626b287dcc8e3e1f33fa995617069b7bfe343722863abdd7cdf2d27e38a2335853c4474963d8aafd5542f523e10ad7c8cc0ed95dddb6c7d720a531ac
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\H2CQC17I.txt|e91ea6df76ffeb865a30277d55729635
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\H2CQC17I.txt|6f8b93fed0ec71d403a049a9c3e2f50e3974d107
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\H2CQC17I.txt|1e3065c90873e7d2710829c9fc50fb48129f9907e073042e35b0dd7f1a2e291e
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\H2CQC17I.txt|716c27c376dbe253a28cef3269cde12aefef93de81b3e4bf57afcd9766087506722fccc737a5df90a9bd219f3a4f684e35b0af23ff87c5b7a9b57e4e5972fda6
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\521F25E202FF760B8461B88413F425E7|b84dcaafb722b28f45b6dc68a1aafd42
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\521F25E202FF760B8461B88413F425E7|cc68cc5e812ce3e993b0b1528d4c4a87b272499b
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\521F25E202FF760B8461B88413F425E7|dc8d04c58a8ea43a60025f591f2cbd4c919fb9de3b7d22076299c4fc1ed47a8f
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\521F25E202FF760B8461B88413F425E7|a65406d1fe5edea843138d68c71cff6ea8896e21382707a1f9013bc566a73d680f8ae3f8bd383fb8e3e87ea6b1af7b42dfe7f35bf58958852fda989e4a2cdb5d
distribution:1
category:Payload installation
type:filename|md5
value:%PROGRAMFILES%\1015640.dat|4352d88a78aa39750bf70cd6f27bcaa5
distribution:1
category:Payload installation
type:filename|sha1
value:%PROGRAMFILES%\1015640.dat|3c585604e87f855973731fea83e21fab9392d2fc
distribution:1
category:Payload installation
type:filename|sha256
value:%PROGRAMFILES%\1015640.dat|67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450
distribution:1
category:Payload installation
type:filename|sha512
value:%PROGRAMFILES%\1015640.dat|edf92e3d4f80fc47d948ea2f17b9bfc742d34e2e785a7a4927f3e261e8bd9d400b648bff2123b8396d24fb28f5869979e08d58b4b5d156e640344a2c0a54675d
distribution:1
category:Payload installation
type:filename|md5
value:%TEMP%\~DFCC394EE9D76303AC.TMP|f1c5f5d7bb509887d8a32332bfcc4952
distribution:1
category:Payload installation
type:filename|sha1
value:%TEMP%\~DFCC394EE9D76303AC.TMP|684a1dc758ae364724bb0ee0f7154aee87bb7bc1
distribution:1
category:Payload installation
type:filename|sha256
value:%TEMP%\~DFCC394EE9D76303AC.TMP|2ed1b951032cb32e8b1eac4a092864a0edbefcf78d86b6761d8268641c102fea
distribution:1
category:Payload installation
type:filename|sha512
value:%TEMP%\~DFCC394EE9D76303AC.TMP|ec2477676426411d95b0af038246b24e3a944fa6d219dabc5e7a6b083e97425f4d5cb6166f4fa831c6ec192eb9b2e3146c0e41674119fbaa05285793076a811a
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A7891822FCFF127E4EADADE9757112B|7cbe87b18b3c13f3dced1999013cc816
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A7891822FCFF127E4EADADE9757112B|7000c8144f77cb76e39a930cd67a668fd5c1ffeb
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A7891822FCFF127E4EADADE9757112B|d9692980c5aa9ad4d8134a4cdb1711552c239aad9feae2feeae5e0614517fbbb
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A7891822FCFF127E4EADADE9757112B|f31eaa4d42e2f067938d650fc1807599381d81d35a525dbe57ed36df54ebdf216f9396bca429f9555c68004dc482ae2e5df63a9adf1cb45a5d3c26c2d2f96fdc
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|96c25031bc0dc35cfba723731e1b4140
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|27ac9369faf25207bb2627cefaccbe4ef9c319b8
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|973a41276ffd01e027a2aad49e34c37846d3e976ff6a620b6712e33832041aa6
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|42c5b22334cd08c727fdec4aca8df6ec645afa8dd7fc278d26a2c800c81d7cff86fc107e6d7f28f1a8e4faf0216fd4d2a9af22d69714ca9099e457d1b2d5188a
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VTMINVVP.txt|700c6d5e90977213e59908d81b3ce194
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VTMINVVP.txt|50d511a011d68ec4bb8310646d39a65208ad9d52
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VTMINVVP.txt|37786d8fe62d7012e3a15014fa009dfdf5784f46acbdf3faeb9bd643e91a5ea0
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VTMINVVP.txt|98f7639a5cc98a5e7e94c8f8c0cca9c46cdd615ecbadde9ed37c4d2215b6da50df17dc62ac0edd097eed90d8b3b55390c68beaa5474745af4101b57fc64ba080
distribution:1
category:Payload installation
type:filename|md5
value:%TEMP%\~DF251155FC950DC79D.TMP|d03f5e617389f15f3d1d96f8777784ea
distribution:1
category:Payload installation
type:filename|sha1
value:%TEMP%\~DF251155FC950DC79D.TMP|b4fef13d10351a77be9aee0b64aaec2ab49fbeff
distribution:1
category:Payload installation
type:filename|sha256
value:%TEMP%\~DF251155FC950DC79D.TMP|69d0938e0ab7e68324a4d2caa6d341895de135ebb99f56359f48e55f6828c621
distribution:1
category:Payload installation
type:filename|sha512
value:%TEMP%\~DF251155FC950DC79D.TMP|618370b352ffae3ef19d1a0d56972cabb45312a4f7e268bc20226b729dff52adad4a1e0c55bf469f2191f7984d9527f3459dd728e60dc295dad75c6941bb4de3
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\Microsoft\Internet Explorer\DomainSuggestions\en-US.2|5a34cb996293fde2cb7a4ac89587393a
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\Microsoft\Internet Explorer\DomainSuggestions\en-US.2|3c96c993500690d1a77873cd62bc639b3a10653f
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\Microsoft\Internet Explorer\DomainSuggestions\en-US.2|c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\Microsoft\Internet Explorer\DomainSuggestions\en-US.2|e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|a08edf5bbaa08d29490e23f4b92c4440
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|9614c47172efec3be29f423d2f0481f3bc44ad9c
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|7ab4f0f25c6c459a1d04e8588c33ebe6c395407e05b1328089f6aa4d9ac69d6b
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|5ae409ef213d2638a3ceb1b42d95a885c812f9579a2d4d71ed946a541816b4290cb797df712dd72326d84c53efed181e8778515fa89b4d3799a29834cae58a9a
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|316837a9e5517a5f18321d939eec7cbe
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|324d8ab1e3b91c0d544a2f17fbbe0d9a1f33c09b
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|dc59a22a5bd8da84125a228a7a409550b6a27935d134a17ee49f826a09355a14
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|f90f34786d70da68672c6567f32586b854bc2228b5eded506971f366916a51b68b13ee3ab7b5a5b53780ee60cabec04725460a3b3050381e6057b36267230310
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKDNCXYS\55PYK74X.htm|d31611a0b255e7bd0cb7aeec6efdb8a7
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKDNCXYS\55PYK74X.htm|7d9a9436b89d489a84c60b50ba1aa32af4cd6a47
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKDNCXYS\55PYK74X.htm|40eef4011797fe71c470851ed0835a4cd92c3ebce774b65ebb6fadef9bb9dba7
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKDNCXYS\55PYK74X.htm|dc6393810bc918fac4726cdd85bac60b5e283b335f215683c8092af43e0b0d48093fa7fd07ed20f219c54877ee6f8291fdaf085a2a3898febb187c27561bf6e9
distribution:1
category:Payload installation
type:filename|md5
value:favicon_3_.ico|9fb559a691078558e77d6848202f6541
distribution:1
category:Payload installation
type:filename|sha1
value:favicon_3_.ico|ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
distribution:1
category:Payload installation
type:filename|sha256
value:favicon_3_.ico|6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
distribution:1
category:Payload installation
type:filename|sha512
value:favicon_3_.ico|0e08938568cd123be8a20b87d9a3aaf5cb05249de7f8286ff99d3fa35fc7af7a9d9797dd6efb6d1e722147dcfb74437de520395234d0009d452fb96a8ece236b
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6HKKDKI0.txt|f864c8ebc2f4c184c5c52adcadefe5ee
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6HKKDKI0.txt|c91874e6ec38f5ab0bf48e135ec20b3723055ac5
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6HKKDKI0.txt|ac3a069f3925a4481d43d135e6bf04197af7e51700a5e96e88490ef468a574c8
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6HKKDKI0.txt|1d2821e589c64b34340713aa949568b8f120a06da58e01bf3d362f5b00097174a48c68a4c2f58b7cf7a39db298b27c7a607ac2918b3005351163e98d5496c0dc
distribution:1
category:Payload installation
type:filename|md5
value:info_48_1_|5565250fcc163aa3a79f0b746416ce69
distribution:1
category:Payload installation
type:filename|sha1
value:info_48_1_|b97cc66471fcdee07d0ee36c7fb03f342c231f8f
distribution:1
category:Payload installation
type:filename|sha256
value:info_48_1_|51129c6c98a82ea491f89857c31146ecec14c4af184517450a7a20c699c84859
distribution:1
category:Payload installation
type:filename|sha512
value:info_48_1_|e60ea153b0fece4d311769391d3b763b14b9a140105a36a13dad23c2906735eaab9092236deb8c68ef078e8864d6e288bef7ef1731c1e9f1ad9b0170b95ac134
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|62e4c12048488c05568650f8d02d901b
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|c63d176de18274ab7a7f99e7cf9d57fb00ce8e0c
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|7453eab33c901751fc870f43970ad4d619856e2d3172e7b34abaa23188eea29d
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|9369b3a79abf15b70391402dcbcbd01cc6a30b7b92d3f4746082ff787bdb3bd89608d4fcc1c443c23ebb660108e716fd88e3c4aab2202e8cab6993a6bc4957c6
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|ee4a527fbc65fef137de0feb897fcfa9
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|f5140432513d57d42218c3496d658a7f6af7121f
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|70d3e46946185348b48c16c720932d28721dba4691803b2b8971a19c39e50718
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|a6d79d927a881b6d35e417a97d3c29b5cb648a7c142988f19a0a5a089212ce42a7fd055f94853268cb826acaa73e4db85e11ffebf0c985bb6384d4a69152e48a
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|f3731908c3860cd0f38369d7236bfa0b
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|e7fd51bd2d0e25dd0d2fdee872ff6b3f28cb7cc4
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|fd960f375afc2cf387efde3693afbedc52c929204e04dec42dc6460efb6c2775
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04|749305540d0ed10b83c280a761f3e2918af5a0323d91e4bd4d816e3846218a0e08e1de857615c19f44cb469e01b360802c5fd947a1ae6cc8a2be2dd2240349c8
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\37NU00GP\NH5244WC.htm|ee17504e0071e65454c589388652f539
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\37NU00GP\NH5244WC.htm|02c10d71abf6ee74d9d7fd1db7302b9825419150
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\37NU00GP\NH5244WC.htm|d63369c0c06f13e2b95f9ed5a212b9f812e2994baf3c8f7db74fbad6ad54a778
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\37NU00GP\NH5244WC.htm|b9fc4e7023e6ac4a6e72583ced5870b7739f7812fcc3938d3b0c5335450bc35970413a033af19b81d7089c74c2ae5540c35f86c4cfe0c10a33412507769a8cda
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|5f8b369ff3672dcaea42cfd9550743a3
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|f6c8035694d3bc3351f15df33caf7bcd69c74516
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|4c59718aa88c02689a734c6c56497497a2661c3ba970e391c9b5702842b1ddf8
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|62d16ab6c30c534eb8afe88631fea0f7f4093cd0fc3d840fe5f670057fecdd9a5b35f7acadf11b0ad1adab3abb89f8df6083e5d46b72d3546f6c83c4978fd6b0
distribution:1
category:Payload installation
type:filename|md5
value:ads_1_.htm|17ce8effb63c815f25353694716b9506
distribution:1
category:Payload installation
type:filename|sha1
value:ads_1_.htm|c38ea4c76d6559e780ab37e82962eaeb66ef222f
distribution:1
category:Payload installation
type:filename|sha256
value:ads_1_.htm|94b8775215ede910f53a7939c792b6287becf4c2e194e7d5e693a7360b67448d
distribution:1
category:Payload installation
type:filename|sha512
value:ads_1_.htm|a659fa1c271906b7c1ce4ed75c690ee4563479fe13ccd1021ca84658050f4ecd5692ed98ced8d52a36f28b9ac56f10711982f6a2a10f7e52194c547d909f19f2
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|22d13ddba99f7e81cfe2c8480d17d337
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|370e3f156a375a45a328c33a91c88f5ed612eca8
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|8f571cafc428a7444f39eb02fbea696f8761ffb7167c30d6f07b89949209ecd8
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|36f5da66b358ebfb138d5038494fe851cc26b397d26fd24bf6f43d966c9b3773bee7b96e67459e41c05e37ccac00aea29ebde0d8b09cdb407e09ba93dc924b0b
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|be9477822b37d8689fe54e14ee8c295f
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|c3b81c25e02cdede9baeee42c7a022a9b2456901
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|19470b286d4d5b4b7c0f0550f87b9713905b5e3b45c3e7605ac0f1681ec98f2d
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|a7ee1f1927843daa1ec0470b14a7fc3025f6c0ec245eb18ec60e5eaf2bd448dffeafce53405b0035160f04856f3137a53a7a23ed4168e2d1fcee951aee49d8ab
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1|5a34cb996293fde2cb7a4ac89587393a
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1|3c96c993500690d1a77873cd62bc639b3a10653f
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1|c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1|e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
distribution:1
category:Payload installation
type:filename|md5
value:RecoveryStore._4028773D-CB96-11E9-A10A-0A00272257C6_.dat|7180883fae0152920c7782b7e3f30a7b
distribution:1
category:Payload installation
type:filename|sha1
value:RecoveryStore._4028773D-CB96-11E9-A10A-0A00272257C6_.dat|f81829575e6e94f9fc77ebbf58ea10a0cc0fcb27
distribution:1
category:Payload installation
type:filename|sha256
value:RecoveryStore._4028773D-CB96-11E9-A10A-0A00272257C6_.dat|56500dd255f61f55f1bbf8b4b8e6394cd6d90449357488a63bbe98935d416fae
distribution:1
category:Payload installation
type:filename|sha512
value:RecoveryStore._4028773D-CB96-11E9-A10A-0A00272257C6_.dat|004b755cee2c7a971b667883319c8b303f210500f71f5c103da488abe77a40a377a4c083cfce1d33f46be6d9b4d96074decf0ba725b141214dd967e7ee2436f8
distribution:1
category:Payload installation
type:filename|md5
value:~DFC088249E32DFA73E.TMP|482ec0ba7e22108e09505209ecdffd88
distribution:1
category:Payload installation
type:filename|sha1
value:~DFC088249E32DFA73E.TMP|3dca5e3cb386d697365ada1a8b49d015f3b49f8a
distribution:1
category:Payload installation
type:filename|sha256
value:~DFC088249E32DFA73E.TMP|0d90349e4579be3e4399f9fa620c4e6582551f8f9949a3cd0e534670caebe359
distribution:1
category:Payload installation
type:filename|sha512
value:~DFC088249E32DFA73E.TMP|21cf8f2c2b01c660e2039c38894dc5e33aaed05d2a1c46b0605c3c36233e84ac3e7d00c82b7ee709157483bd097f1397d9d81ee0e0e37a94225e9f67552afd28
distribution:1
category:Payload installation
type:filename|md5
value:landerParams_1_.json|0165a7f8fc3efb6fadb8f2327bee6b11
distribution:1
category:Payload installation
type:filename|sha1
value:landerParams_1_.json|49ba4ecd936589e6728455a7a1da899e1dfec35b
distribution:1
category:Payload installation
type:filename|sha256
value:landerParams_1_.json|200eac8de71accbb3d6cf0bd1b028c47abac003d0954d567a7990fcc5f07a76c
distribution:1
category:Payload installation
type:filename|sha512
value:landerParams_1_.json|fca7eae18a9531093ef65f47b83a3cca65b13a034385a1dfd784c0652181b417b57aabb57ecd39be88e9d67366ad587a6094b898a557d18b8f8cd4a2d0e681e7
distribution:1
category:Payload installation
type:filename|md5
value:RecoveryStore._A9B88BE5-CBA3-11E9-A10A-0A00272257C6_.dat|f9d80f7497ca0d4139dc522d34db8e2b
distribution:1
category:Payload installation
type:filename|sha1
value:RecoveryStore._A9B88BE5-CBA3-11E9-A10A-0A00272257C6_.dat|2c80575590d7a920da58dca8b2d364ae8dd4ed00
distribution:1
category:Payload installation
type:filename|sha256
value:RecoveryStore._A9B88BE5-CBA3-11E9-A10A-0A00272257C6_.dat|83341e5615441b5927a7dd660aaa7fa8ffbe95d1b9d8672d52de15f46568e836
distribution:1
category:Payload installation
type:filename|sha512
value:RecoveryStore._A9B88BE5-CBA3-11E9-A10A-0A00272257C6_.dat|ba73c7ed72648ce16c1bb00b2b3e8462ede3b1a7a969c6974fa17e8498ac9ab902c91e4d71ab1f3b711aca4bd8b0558ceac0ddb131ef170f2842ffff78a8aff7
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|5e6b3046cc3b70e0f5ad9ee1fa37ccf6
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|d0b0eb57b7c70c1dfee247c97fd2453d7fa98318
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|252f061b50a96aa7fcd424f11f23e83808bb4fc59ab2cea9383df9b79f494fc8
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|76be11d6347ae4da11f3b047b53b8630d9b0dfa5e1d4c07ca554c3c6eb2b646aeb32756b21a5ccd16b0bf5ec7bf56042d4c5a726bd5330e626e5e6f7071d6a7d
distribution:1
category:Payload installation
type:filename|md5
value:caf_1_.js|148fc8bb7380385b045ce4853aaba53c
distribution:1
category:Payload installation
type:filename|sha1
value:caf_1_.js|91ae07a1c8e493d8ee4ff0de345ad6c2d72119c3
distribution:1
category:Payload installation
type:filename|sha256
value:caf_1_.js|ac10f5008cf8295153efe127de82217409af22d26048366ee424312089f202e6
distribution:1
category:Payload installation
type:filename|sha512
value:caf_1_.js|465d590b04352003843e1ef584f6f737db7910b06b438c600f3dc8e0c947eaabf1dcf1efb2a62df0bab20e1794ede7c430faa1c71b500b8787730f73897e8027
distribution:1
category:Payload installation
type:filename|md5
value:%PROGRAMFILES%\1015500.dat|4352d88a78aa39750bf70cd6f27bcaa5
distribution:1
category:Payload installation
type:filename|sha1
value:%PROGRAMFILES%\1015500.dat|3c585604e87f855973731fea83e21fab9392d2fc
distribution:1
category:Payload installation
type:filename|sha256
value:%PROGRAMFILES%\1015500.dat|67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450
distribution:1
category:Payload installation
type:filename|sha512
value:%PROGRAMFILES%\1015500.dat|edf92e3d4f80fc47d948ea2f17b9bfc742d34e2e785a7a4927f3e261e8bd9d400b648bff2123b8396d24fb28f5869979e08d58b4b5d156e640344a2c0a54675d
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|ee4a527fbc65fef137de0feb897fcfa9
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|f5140432513d57d42218c3496d658a7f6af7121f
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|70d3e46946185348b48c16c720932d28721dba4691803b2b8971a19c39e50718
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D920AEECEDF4B41278B2D6332D9874A2_7D2C7411695D39E6BB4785C4018C934B|a6d79d927a881b6d35e417a97d3c29b5cb648a7c142988f19a0a5a089212ce42a7fd055f94853268cb826acaa73e4db85e11ffebf0c985bb6384d4a69152e48a
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|5f8b369ff3672dcaea42cfd9550743a3
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|f6c8035694d3bc3351f15df33caf7bcd69c74516
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|4c59718aa88c02689a734c6c56497497a2661c3ba970e391c9b5702842b1ddf8
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623|62d16ab6c30c534eb8afe88631fea0f7f4093cd0fc3d840fe5f670057fecdd9a5b35f7acadf11b0ad1adab3abb89f8df6083e5d46b72d3546f6c83c4978fd6b0
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|7beff64a74c53ae11167381827ad1f95
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|7eb1d383b0e04a202851f2b9a61910c37e761ab9
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|bdf1e6d471f410b391c359bb809a0264d3b1947ed65deb110b68c261bfc4e093
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|c44ae8f6783128ffad276ffa78af263cc3950f3c2de8c985c32b76053ad2c4118813ecec8bd84d64a4b5b66ca20b12f977de471fb460b96f82245a1f243c5f57
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|130680a9cb61ca64e882b046ceea015a
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|07ebc32111ff178f7ab0f80bfc1decc9a97888cd
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|35d737089f6814b4afde53b38d6d00e86842589091f7e07cef1a9f303b3d0a0f
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|c89747f6c6c8386586400b9e22d0c56023d85860087bde8b336b54d7d4a980aa893995a996b7566efd937553101277e954da11418aaefa1224c97d3578118ae1
distribution:1
category:Payload installation
type:filename|md5
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|c56d8532c00d3f61c882938274c417a9
distribution:1
category:Payload installation
type:filename|sha1
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|acadca3d01446de05226eebfd9fae1350d6e2b5b
distribution:1
category:Payload installation
type:filename|sha256
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|40c443906898ab162787fdca81ef0b21c749e37f2ec2f56f120d828869fec2ce
distribution:1
category:Payload installation
type:filename|sha512
value:QMRDkGiYqxYnh_3Kge8LIcdJ438uwvVvEg2CiGn-ws4_1_.js|c7e875c5aee468bf9a15242c9444753f0b8504e5dd8e0a8f83170b866f2717f02af5fe0d2b62ba4ffd37911046f1e4a111ed7a2b23f5fa837ff969b9b4d96e23
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|b9b602724be8f97f18b9f45b7b285d43
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|8ca07d6374578f52310e0fafc6445b4590ee993e
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|97fa1e2938be2340cc766815185db2eb595cf20ee046eca49e4e5ac58be803e8
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|652832a6c30eb339a95799da80ed38176c064a7c393d1b764d08e76bd733b4cda7608f3ae9d49f09a3987cbfbe041b92cddcb3a602a6dc16fcb32775556fed5f
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|85b83b85a018a934e9adca6863dfc0c7
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|e20cf77b4daf2f1866e798f2cb1b2caa0be2cdb9
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|3f565a316f845b3fd0fd1d9914898b19bc71a219551df03ff29070609749a382
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0C156238076897A56D77A718A714E59|063e1b46c585c1b0fd894bb00544447bb697585701626bfb7c346550b154826fadc5e3721dcee6dd9c422575c10c9a1d6f7d3caef6fbea46b7eb614e3d01c400
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|96c25031bc0dc35cfba723731e1b4140
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|27ac9369faf25207bb2627cefaccbe4ef9c319b8
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|973a41276ffd01e027a2aad49e34c37846d3e976ff6a620b6712e33832041aa6
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|42c5b22334cd08c727fdec4aca8df6ec645afa8dd7fc278d26a2c800c81d7cff86fc107e6d7f28f1a8e4faf0216fd4d2a9af22d69714ca9099e457d1b2d5188a
distribution:1
category:Payload installation
type:filename|md5
value:htmlselectionconfig-2_2-win7_1_.xml|92bb55734dae8fbafd70a64b23e58a8e
distribution:1
category:Payload installation
type:filename|sha1
value:htmlselectionconfig-2_2-win7_1_.xml|79b7067a38413605f5bf7e9c61d24bc4bd4b4c3a
distribution:1
category:Payload installation
type:filename|sha256
value:htmlselectionconfig-2_2-win7_1_.xml|1a4d81fd258ec9669bf53b015230fca510855e3bff65c17f9dcd1ccc8b03e585
distribution:1
category:Payload installation
type:filename|sha512
value:htmlselectionconfig-2_2-win7_1_.xml|0352c8d7626b287dcc8e3e1f33fa995617069b7bfe343722863abdd7cdf2d27e38a2335853c4474963d8aafd5542f523e10ad7c8cc0ed95dddb6c7d720a531ac
distribution:1
category:Payload installation
type:filename|md5
value:ads_1_.htm|1208179a6a3de78f22f1bf55f61fadc8
distribution:1
category:Payload installation
type:filename|sha1
value:ads_1_.htm|ea6f4e39cb3c8f67ac69260d376cc15e7e75f171
distribution:1
category:Payload installation
type:filename|sha256
value:ads_1_.htm|20534a01a1c883003fb0a63ce2fa5751561bf9476ee1123b86e5a1280b1dd234
distribution:1
category:Payload installation
type:filename|sha512
value:ads_1_.htm|e0f2650dd0f113863743f37737d90f205b8b1499dbadfa29534a9946da50c8305d0302f78f7ce6b8f28f7158a16a00787bee63c8ad47da05e517939a457072bd
distribution:1
category:Payload installation
type:filename|md5
value:bullet-arrows-orange_1_.png|31f21bbaaf88b740f21fe900701a8373
distribution:1
category:Payload installation
type:filename|sha1
value:bullet-arrows-orange_1_.png|75f71c5ed4e44505a12c453e76cb1c10953acb6e
distribution:1
category:Payload installation
type:filename|sha256
value:bullet-arrows-orange_1_.png|6bd48e5cbf3c20acab72dceb7208e9da630d34d4eb41ec165e168df9bec92684
distribution:1
category:Payload installation
type:filename|sha512
value:bullet-arrows-orange_1_.png|5a3fee420bbb3d997ae40a3530721e181bb71bdfa2d54807da227c1a11f50fb9bfecff979f53725ff83a89a9fe1251d4db94d247160873b00d13ed12b2bdb349
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|5eb8f15425c1ee254f19768acbd54835
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|82efd72d63232c960435abe2fa38561ac326e779
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|3b4c4693dc989f5bdbb528dd512caf538d1b57052da392c21628979abebdd79a
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|fbf806d1263721532397e88775ace14f4b7937dd8d534a624d0b5b1316d408dc98b75192fad64b18971519618aa7fbf8ef5150e041b1283e2cf1deaf61545f86
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZK6XP1ZE.txt|55fee2d05f6e62f728979ee0816451de
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZK6XP1ZE.txt|eb3cb157f91efe9a7ee9411a275e61d7ad0d3fa1
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZK6XP1ZE.txt|3acc4ec2385a14cd1232a944984b2736e10e1dc6e3bdccc44793fbacd63b8039
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZK6XP1ZE.txt|9e6b143870e46097ff1e3ec7dd7c9275659dbfcc2e218c044c144ecaf966cab833ad9b3637327f41a3060eaaf0482bedcfe7f45a6e6e2f9ac2436d26f92a67a7
distribution:1
category:Payload installation
type:filename|md5
value:%TEMP%\~DF60C9483F9ABB17F5.TMP|171c6abeaac3b649e3bb3c9d472e8011
distribution:1
category:Payload installation
type:filename|sha1
value:%TEMP%\~DF60C9483F9ABB17F5.TMP|1434293ba7b7d9f27dac7ad75f0525f0b9e69709
distribution:1
category:Payload installation
type:filename|sha256
value:%TEMP%\~DF60C9483F9ABB17F5.TMP|f7efa63a3cd8da1ce6d4ecb74f37d0d923b8fb9db5587680023e9b488a021bae
distribution:1
category:Payload installation
type:filename|sha512
value:%TEMP%\~DF60C9483F9ABB17F5.TMP|72b4b4fc595d426f34902bb7e836ca89ed113774e2b6ea1eb09bffc75e3c0a073923334ca5111a9b4dc13b2fe15cb1d04252251c82a8f1f259266be96b16a40e
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|d1b538e3e21c1d886c9aebdcf84eb6f9
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|5f4da446ddac8bec6898b8cac40041097e4ae535
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|9b9a71d8e3ca81e2110061e03ef222c41f686ea8b86c400a45795384308621e5
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|861450b768281379d1ba63719734b0e14c7771906c6f8dd319c6501d12314626af172c973fb102b5d4aeb49c1245f94260b2b3e4607ef7da43331d160224c965
distribution:1
category:Payload installation
type:filename|md5
value:caf_1_.gif|55fade2068e7503eae8d7ddf5eb6bd09
distribution:1
category:Payload installation
type:filename|sha1
value:caf_1_.gif|317496a096d6c86486a71d4521994bcd171a6bb3
distribution:1
category:Payload installation
type:filename|sha256
value:caf_1_.gif|e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
distribution:1
category:Payload installation
type:filename|sha512
value:caf_1_.gif|a9adb9feea4bc14b9c34ed17cd30f8cb36dc686e9f69a292fe65bebc195be4714391fd98ec7b67bfd363fbbb6089c41a0b7cab5130b50b461748e668cac75621
distribution:1
category:Payload installation
type:filename|md5
value:ErrorPageTemplate_1_|f4fe1cb77e758e1ba56b8a8ec20417c5
distribution:1
category:Payload installation
type:filename|sha1
value:ErrorPageTemplate_1_|f4eda06901edb98633a686b11d02f4925f827bf0
distribution:1
category:Payload installation
type:filename|sha256
value:ErrorPageTemplate_1_|8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
distribution:1
category:Payload installation
type:filename|sha512
value:ErrorPageTemplate_1_|62514ab345b6648c5442200a8e9530dfb88a0355e262069e0a694289c39a4a1c06c6143e5961074bfac219949102a416c09733f24e8468984b96843dc222b436
distribution:1
category:Payload installation
type:filename|md5
value:favicon_2_.ico|9fb559a691078558e77d6848202f6541
distribution:1
category:Payload installation
type:filename|sha1
value:favicon_2_.ico|ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
distribution:1
category:Payload installation
type:filename|sha256
value:favicon_2_.ico|6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
distribution:1
category:Payload installation
type:filename|sha512
value:favicon_2_.ico|0e08938568cd123be8a20b87d9a3aaf5cb05249de7f8286ff99d3fa35fc7af7a9d9797dd6efb6d1e722147dcfb74437de520395234d0009d452fb96a8ece236b
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|6ac737fe9b43ab51af1e9d42a4173510
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|c11128081c0881d9c95fe1046209230202f6f2e0
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|35120381c25fc8234845ee9c56b29f0ad4556655a3d29f7eef779d2b903cea78
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B|0139b4580801635f05d2a90fea003a67fc91deb2ee33580ed0b376430361f717989ea0f8e7db1841ec29ff834c6db00949f9ccd53aaaddfefc95fb301e0ce049
distribution:1
category:Payload installation
type:filename|md5
value:errorPageStrings_1_|6b26ecfa58e37d4b5ec861fcdd3f04fa
distribution:1
category:Payload installation
type:filename|sha1
value:errorPageStrings_1_|b69cd71f68fe35a9ce0d7ea17b5f1b2bad9ea8fa
distribution:1
category:Payload installation
type:filename|sha256
value:errorPageStrings_1_|7f7d1069ca8a852c1c8eb36e1d988fe6a9c17ecb8eff1f66fc5ebfeb5418723a
distribution:1
category:Payload installation
type:filename|sha512
value:errorPageStrings_1_|1676d43b977c07a3f6a5473f12fd16e56487803a1cb9771d0f189b1201642ee79480c33a010f08dc521e57332ec4c4d888d693c6a2323c97750e97640918c3f4
distribution:1
category:Payload installation
type:filename|md5
value:ads_1_.htm|862c8823a0b2c48ade8168e3d8126fa5
distribution:1
category:Payload installation
type:filename|sha1
value:ads_1_.htm|ca22e4bd2d193822badf84126124a23f076617d0
distribution:1
category:Payload installation
type:filename|sha256
value:ads_1_.htm|24696e42239c6a9edc886eee1df8d9d191acaa498675d2d32bd4cad4093b826c
distribution:1
category:Payload installation
type:filename|sha512
value:ads_1_.htm|14cc36a8c2e40d2c01b0436207431f639c7fa3d1079c463e1eaa3257481e45489d212e4e5a2d5b0ee7ce44b305318edfdb6ec8fb9ce2f63a2f1265dfd3f86627
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|cd46aa466b90d327335720c9bb8a737b
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|eea3d5f2f907465352a831bc1f8030076f9116f3
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|127c21548b141808e275d0429b280f4a779df49713915fbd67306a6180021332
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|3d5316f36e54c3cd1a842c140503e4f2720e93e1706cacfef5453b4e02e1a986cd24ea75ba8e2ccc1c7de2aaa47ef5b6d9dc89294b4e81d66f0ec8cec863aaaf
distribution:1
category:Payload installation
type:filename|md5
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157|efa2fe5b779f64cb7fb5b2cdbd3a0f5b
distribution:1
category:Payload installation
type:filename|sha1
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157|22386d1c5e2bd3caba15493e12592b72b69679eb
distribution:1
category:Payload installation
type:filename|sha256
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157|49cb840d288b6e91954d6ea6ed394ce58456d3f642f69358d44fb58fe875d873
distribution:1
category:Payload installation
type:filename|sha512
value:%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157|0f06721213f48f756c60b4b00692fe996cc7266dd106d331f8af88d95ef8c2fbdc6743134f69e616b84907047b012fdad588a392c47c866a766cb43e8cf06c4a
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7Z9IQ15Y.txt|410e3c173abc0f957d77b4003583455f
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7Z9IQ15Y.txt|975da0b59c29b26df356c8f688e4a18ab6013467
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7Z9IQ15Y.txt|94c2f60098e14495e77846e6f4fb58d5f43e4ed8262c7c4f8ae710b005a253ca
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7Z9IQ15Y.txt|7bc06c44f8cab0f5b24552bb4145ad5d9ca44372d7eb28dd0d412f96c2aa79ac599fd207c01368b14662fc8d5e9960a682ffbe4318fff56d940c490b89455ebd
distribution:1
category:Payload installation
type:filename|md5
value:search_1_.json|449f61c84cd2f7342f95403c908c0603
distribution:1
category:Payload installation
type:filename|sha1
value:search_1_.json|08afdc36927b6c4e03c3088e5c9c812cc4215ede
distribution:1
category:Payload installation
type:filename|sha256
value:search_1_.json|19170bd75edc0b5183a2f9fcc3001d9d222deff61e5915ad1127b65ab581a2a1
distribution:1
category:Payload installation
type:filename|sha512
value:search_1_.json|f0656bd94c8e33ffaa08a5630f9b7d254ef4297a30b280a802b3bbd4fb8a6e6ac1dcdffb53d09325163ad2bffc0768247c9bf3a40160023aef4c9da59c738a9b
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|34e43628d09fe3425e05328ca37e41b0
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|a85de3d96a8fbdaf40371522f15dc8ee1dcc33cf
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|a3ec382d514ffe08ac48660cd5af20ef101fe54ed99e7f9e6f1fc2fcc0df100a
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1|c7733ed28638068c0641600ba589db27cfd77d4011c412dda3781cfcdc6bea82efc90a9221d4f66056792498e074647f170a65cc000efafb229a7a97f0eec984
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|b8bc3bf4330884490cb929f83c9a112d
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|81dadd1dc9054d5690a17675455ab710fe1b2eca
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|114a213024844da37d5cfb12829d17a5703c6b42f71b4d1fac5e016867b05434
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|6b3616922cfe75195571bbd528343d84f05b655b6456e3dc84f795617a791975a2918e76d896eb7029ea5f972cb76b662f9d4f55eba8c52e98f3d8eaa7c6b0c5
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|20914b761878cb62580d4ae8edb3c69b
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|02278f8d96bb037e0283d91cee405fffecbec39a
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|122ef6a2ef818ed46019cb683e6dc3236179dd57c4f8d405107eabfe89f0067c
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|98d26e6d5cf06d6699fb01e72a8703f14b0a1e3017163b8a90608d71a96654579b6dcaf37d32090be6d4656b03cbba5b5c1bb7e2b02d32f103b48a37161fdf97
distribution:1
category:Payload installation
type:filename|md5
value:dupe_1_.htm|85e6d378ce5ac2c6b41d95739e75b734
distribution:1
category:Payload installation
type:filename|sha1
value:dupe_1_.htm|7998cbb71dd1414fa6c836abfc31f97ceafe4c8d
distribution:1
category:Payload installation
type:filename|sha256
value:dupe_1_.htm|c4e40ca5644a25562e5f763f7fca8b2018722bc3e76ff340bcf3df8875e6406a
distribution:1
category:Payload installation
type:filename|sha512
value:dupe_1_.htm|c915f0b88cec878f88fe00d5c672027a2856ee7e7e2573b85625eec336c6b8612d9b1ca21c72234c6a43e0f72473af421921e3d4106efd7b81970c78d1c60f07
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|7cbe87b18b3c13f3dced1999013cc816
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|7000c8144f77cb76e39a930cd67a668fd5c1ffeb
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|d9692980c5aa9ad4d8134a4cdb1711552c239aad9feae2feeae5e0614517fbbb
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58|f31eaa4d42e2f067938d650fc1807599381d81d35a525dbe57ed36df54ebdf216f9396bca429f9555c68004dc482ae2e5df63a9adf1cb45a5d3c26c2d2f96fdc
distribution:1
category:Payload installation
type:filename|md5
value:_B5609AB4-CB8E-11E9-A10A-0A00272257C6_.dat|2d3c29776d2f8e148b6fc38cef879208
distribution:1
category:Payload installation
type:filename|sha1
value:_B5609AB4-CB8E-11E9-A10A-0A00272257C6_.dat|9e83519efb495cbbc110518f1cbbb097404194fa
distribution:1
category:Payload installation
type:filename|sha256
value:_B5609AB4-CB8E-11E9-A10A-0A00272257C6_.dat|3fbbce13e64ef0bf0ed9041f482d90a434f3717ab183d4856990b0b38cf86069
distribution:1
category:Payload installation
type:filename|sha512
value:_B5609AB4-CB8E-11E9-A10A-0A00272257C6_.dat|e9e3d650f156c1f7bee36da0b6cfa7d059f12d32f19fcc3c6a83419dd743e92f34422dbf8f5df2a2f2f6dcf72564d37f040a5d534bbedd9bc1b1a5a2a2479fec
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|5eb8f15425c1ee254f19768acbd54835
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|82efd72d63232c960435abe2fa38561ac326e779
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|3b4c4693dc989f5bdbb528dd512caf538d1b57052da392c21628979abebdd79a
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|fbf806d1263721532397e88775ace14f4b7937dd8d534a624d0b5b1316d408dc98b75192fad64b18971519618aa7fbf8ef5150e041b1283e2cf1deaf61545f86
distribution:1
category:Payload installation
type:filename|md5
value:caf_1_.gif|55fade2068e7503eae8d7ddf5eb6bd09
distribution:1
category:Payload installation
type:filename|sha1
value:caf_1_.gif|317496a096d6c86486a71d4521994bcd171a6bb3
distribution:1
category:Payload installation
type:filename|sha256
value:caf_1_.gif|e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
distribution:1
category:Payload installation
type:filename|sha512
value:caf_1_.gif|a9adb9feea4bc14b9c34ed17cd30f8cb36dc686e9f69a292fe65bebc195be4714391fd98ec7b67bfd363fbbb6089c41a0b7cab5130b50b461748e668cac75621
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|cd158e306af7d70de28b8e670e8d0a4b
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|da85abdad2dcb403cbf3a238c9336a1f4bfd23a0
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|5382cc931ea177b35c6b0b0f376e5b0c0fec1affa14fef345c0f154b971a7faf
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|31790e9e23b411ad73eab177b86bddbcf866d30cb164994013f1a2d04b4a82d2c9067a1a17794757e3b861e54f5578f5815b165d0e9a8147277c4db693048959
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini|881dfac93652edb0a8228029ba92d0f5
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini|5b317253a63fecb167bf07befa05c5ed09c4ccea
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini|a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini|592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|42cd0ae8758332579f88fd46cdeb581b
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|a2b9411fa8b73b747a617eb84d3a1fdef155ee36
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|33061c250bbffa925f7cea1fa3fe08c7339436273a09a519a0ef126a3fdea4ed
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B|a0913e294a6c60c4908697b54e43aeb196874e639de311877c5751bb8a27dc6f06b9104de4eeb234b7945a24be6e4739e737e40e17ae510bf05968411a82fc13
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\8REQ7P3E.txt|89885ece09d4612fde8e75efe8f429c0
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\8REQ7P3E.txt|3f4dc164282e1550ab140a8fcd82f6b4f7104308
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\8REQ7P3E.txt|ab83dad9f6c54719c2a6ffa90c42e3442001bc0af8ccdfc41f4a2f5e388b96aa
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\8REQ7P3E.txt|9646ec1781d3d64de1987b63415fb0bfbce75664b17f10f129b9d8a76dc83dcefc919bd16682d2562428065e28d6cf13a25724df696f8f6208bb57bf8f222aae
distribution:1
category:Payload installation
type:filename|md5
value:_3368E74D-CB92-11E9-A10A-0A00272257C6_.dat|37abc9b1339095b098b12b5ebcf22a3b
distribution:1
category:Payload installation
type:filename|sha1
value:_3368E74D-CB92-11E9-A10A-0A00272257C6_.dat|d0db764c8a945ec5160bf092545ae93c2c0b9da6
distribution:1
category:Payload installation
type:filename|sha256
value:_3368E74D-CB92-11E9-A10A-0A00272257C6_.dat|646f4144dac3062b39ebffeccde92e7ae15b6f99632369c9dcb1866d4003feb8
distribution:1
category:Payload installation
type:filename|sha512
value:_3368E74D-CB92-11E9-A10A-0A00272257C6_.dat|feaed2bad71b65eca0e5936ff096a4c8e39de806bd4fa97237ccbe7315322661fcd3209f6b3e69e9da1af8f514cf44e9f3c4ae8b380711b77b95aa19d287df49
distribution:1
category:Payload installation
type:filename|md5
value:~DF509424DF746D76B8.TMP|41bd191fd3fd75c3a883f2e884746610
distribution:1
category:Payload installation
type:filename|sha1
value:~DF509424DF746D76B8.TMP|1ee24ca9f5163d048ef5bff8938ccc8788f3a834
distribution:1
category:Payload installation
type:filename|sha256
value:~DF509424DF746D76B8.TMP|9eebdb177913f26d5f92902c718e8ebd32cb89b0119351449c70d46b3cb14cf0
distribution:1
category:Payload installation
type:filename|sha512
value:~DF509424DF746D76B8.TMP|93f26ebb07e9ef26ad808cd5be5cf0e5e96906d1730a4a0750fe92640bf5de2ce35585eb3027bf118e0ef4ffdc89707a8bec7078f0fc0d39dd43bf26a91fe4d9
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|0842fe8ad4c3f90f1cbeed74d6cddbb0
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|fcc488ac582a99ad1a0a845f8bf4325a6c94416f
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|5072cbaff8384528061d840b711abced651e9f362df90de064f7ae53622643fb
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771|81a31dee14d50c7f773d2b6b498dd1231584b51ef78b9e1cff9674fec8739cf67e1693375ba54a59f5d6b7f1be4b19b09e927a2e8fe0df96716e907e1947e518
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NPYG1MO0.txt|3ec83e45c8bb78d1395e2f55fe4da5d4
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NPYG1MO0.txt|afb3ef9b512ac9a3d4439127140feb5445c14e7c
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NPYG1MO0.txt|1bd04cd88d2c9dbd304048a762234865ae6c3f92a5ccff3bfc51d8aa578f45e5
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NPYG1MO0.txt|a9636ea8082f53bd44171f6006034627b9c8ff9182dbb45d6066eb7b08a3bb8c366401ccdb11e17ff0d7e7285b4df27abf3a712bb7543ab0f2e31e3720668104
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|185126000f1c27c309125cc77a6df3ad
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|6d27e9afc55cb86a7f9157bdda49892ddbdb5de8
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|366388c35afaeee491cca3312c751646f1a456ad9a57d83c9abba6fdf28f3594
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|a6b6c5a6219d1f1a6e719e5cb9eb06810c274bc744df52432983a33ca0888557d0978a8ed823415c6b4fa400293bdb4c553d9a4664fed96d1a313d63df576442
distribution:1
category:Payload installation
type:filename|md5
value:main.b0434fd9_1_.js|cd052864fef0a75c2b506b42e1a784af
distribution:1
category:Payload installation
type:filename|sha1
value:main.b0434fd9_1_.js|8df1aeb9d4a903e2e4c10be5ea0c0111c5bb75ff
distribution:1
category:Payload installation
type:filename|sha256
value:main.b0434fd9_1_.js|858ed3ec23aa92070a7cd7e9b4ccda14820e8bb4de2f18de87f21dd98121c5c2
distribution:1
category:Payload installation
type:filename|sha512
value:main.b0434fd9_1_.js|cd2d1f44c95015c22918d69e871255f641fa50f94d923c3c02a6bf6ff29a74cf2f0b4fcef909253b7b3509cbefa8fcdbc5fc4db808b23bb622819568ea76fa43
distribution:1
category:Payload installation
type:filename|md5
value:caf_2_.gif|55fade2068e7503eae8d7ddf5eb6bd09
distribution:1
category:Payload installation
type:filename|sha1
value:caf_2_.gif|317496a096d6c86486a71d4521994bcd171a6bb3
distribution:1
category:Payload installation
type:filename|sha256
value:caf_2_.gif|e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
distribution:1
category:Payload installation
type:filename|sha512
value:caf_2_.gif|a9adb9feea4bc14b9c34ed17cd30f8cb36dc686e9f69a292fe65bebc195be4714391fd98ec7b67bfd363fbbb6089c41a0b7cab5130b50b461748e668cac75621
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|8a488fd70680a4014705580ffa7f4ecb
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|21e8eac93c541914b2a1cf074f46b9829a5130c4
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|24d414bae3236eedd9f8c1ed832f4dc792ad1ca40af245033b661dc6e63b59d4
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4B782275DC1682E4DC39E697A49B151|8865c53bceb45f291ee2d05389d234be9a0388ed6ef27a9d30a807a52ce50cf696ce846267430abc8454727494fb5b6eb654949af978d0e45cf8c348d29ada93
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|cc7425e6f6a268a188a9bc712c19bb5c
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|da41b93aa0585d5174d4cedca684e03de03b3874
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|9c2f5ea339d1ce24dede73a13a748ec063e39f75713f50dfaf8e65d7725a8313
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|2eabacae02e0d6fc5ce579e12e33d2bba9b49e6381016712b32cf25e4bcfeda60379b032d18bbd684cd123fa7c8550a18d4e9ba6c8a556f68caa01a35f17a205
distribution:1
category:Payload installation
type:filename|md5
value:_23C7F66D-CB9B-11E9-A10A-0A00272257C6_.dat|80a7e2f11b86491be5171ace5a7e3cf3
distribution:1
category:Payload installation
type:filename|sha1
value:_23C7F66D-CB9B-11E9-A10A-0A00272257C6_.dat|ac60136c5fd9d28769191c1b98ff35da3758e64e
distribution:1
category:Payload installation
type:filename|sha256
value:_23C7F66D-CB9B-11E9-A10A-0A00272257C6_.dat|99b6895970c9b370579707fd4752a8884292354e2e4964ff3a2ab9ec2ca8bb23
distribution:1
category:Payload installation
type:filename|sha512
value:_23C7F66D-CB9B-11E9-A10A-0A00272257C6_.dat|9c65cd0541058c4e3c8adeb57288a757fa7122ddecfdbc6a2fb004d85045e0a2f81f88540a8bd530c778d1404f196fd2238a22e0919aa2263094e1e22d3d4b3d
distribution:1
category:Payload installation
type:filename|md5
value:_A9B88BE7-CBA3-11E9-A10A-0A00272257C6_.dat|4120bc4a7b0399a2e637aad785584fa6
distribution:1
category:Payload installation
type:filename|sha1
value:_A9B88BE7-CBA3-11E9-A10A-0A00272257C6_.dat|38fed8016e0f7dd3e16f9a2e62b67fdd177bbc08
distribution:1
category:Payload installation
type:filename|sha256
value:_A9B88BE7-CBA3-11E9-A10A-0A00272257C6_.dat|7998bbd9428072cbabfadfa807fa0a1bbe4b38402088f8f47ef301ffb71420f7
distribution:1
category:Payload installation
type:filename|sha512
value:_A9B88BE7-CBA3-11E9-A10A-0A00272257C6_.dat|96cbd603e2d2977c9fa379f8a23edb6ea9b14608b02e9e9c7065f603098dc1afdf0d9897e4332759b4bb95afaa3aeecea623794de87c6837aaaa597c34d24be3
distribution:1
category:Payload installation
type:filename|md5
value:httpErrorPagesScripts_1_|3f57b781cb3ef114dd0b665151571b7b
distribution:1
category:Payload installation
type:filename|sha1
value:httpErrorPagesScripts_1_|ce6a63f996df3a1cccb81720e21204b825e0238c
distribution:1
category:Payload installation
type:filename|sha256
value:httpErrorPagesScripts_1_|46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
distribution:1
category:Payload installation
type:filename|sha512
value:httpErrorPagesScripts_1_|8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_D8BD318D1C6B3208D569FE7804890405|9556703ae045c1fca5623ccbc83a1077
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_D8BD318D1C6B3208D569FE7804890405|5e073b077d3d6eb89583f9938b2af8f679704b4e
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_D8BD318D1C6B3208D569FE7804890405|1d7c2ff9a5200ef0f77ce51f3d985d613d1419e0202c3fc804be11ea9f223cdf
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_D8BD318D1C6B3208D569FE7804890405|cc8caa970fc2fc0182f0d29cbba4e6f82deefe02ca90efb8c7837f89b3940c722e4fdb4033783fbb84ba30c772388ee52299778553823d9db4591588603bb7d1
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Cookies\RN3P6XHC.txt|cf6857e4c4ca479b97ae3842fecbb993
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Cookies\RN3P6XHC.txt|27d63e23ace235725de669f8159d58c8ed3e87ee
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Cookies\RN3P6XHC.txt|0425418d8d11e733474e576e2c88aa6aafd0317bf8a2b85ed345149702211fe7
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Cookies\RN3P6XHC.txt|2783d59533326b239bd579d2f359dd5b688dda1914f306135f31baae10c0c57740bd0566a720aafeb112e08f2640a3da3a5bb23e4f29aa729b45fd3a702dbeb0
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|3423000b9f62d6a4566a975fce700279
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|83d8fe887037b2ef290173a5fe088317d78acf75
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|83c4cc32d14f9d5832af2a35fd1c79d9f0482d453f5ec574cfd3f227e26da563
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|5a3b7c92e04ded91296d5e73a9e1cdd968c52e1f2652ef28d5c4957a5a9c07f05621c9ed9d1b101767e0e1c097d9d31e79757b83108d9b908a5c50723f394e53
distribution:1
category:Payload installation
type:filename|md5
value:%APPDATA%\Microsoft\Windows\Recent\CustomDestinations\GQFEL9UI6T0MSLADAZPW.temp|38133dfb6867fa7a6cbda91eee39f286
distribution:1
category:Payload installation
type:filename|sha1
value:%APPDATA%\Microsoft\Windows\Recent\CustomDestinations\GQFEL9UI6T0MSLADAZPW.temp|c6a8d785f94964d728f71e0f1e6aab755d043685
distribution:1
category:Payload installation
type:filename|sha256
value:%APPDATA%\Microsoft\Windows\Recent\CustomDestinations\GQFEL9UI6T0MSLADAZPW.temp|aa98881268f743a8b5cacd94323d3d22748f3179a1deaa44f17db7e89034bf60
distribution:1
category:Payload installation
type:filename|sha512
value:%APPDATA%\Microsoft\Windows\Recent\CustomDestinations\GQFEL9UI6T0MSLADAZPW.temp|9ba8f8ffbb215f53828897e8adcb88caec18b33252014f96124363bb2c8709a3897da5bcfbbcba0c57d1703c393a069213f6c54d2b80f74a1e1a69f4903e344b
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|2173d1e2419c3f3b78420d167aee8f4f
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|99751d56305a91c01514b5f5ad17ff80241079fd
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|61f7ee90fde0a5fd150b2c89473f5c915d52ed8d8557bfdac1621259531dbf90
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_096B09CD344792D99D17B284BF3BD5D2|632249d842f7bb8e736d3cd7a0f9d1e217c08cb1324b428fb646c832d2f0868a0d4aba7ed70c0ba3a0a0d1ace8383d5699e9140991b53d0bf5a4a1cdf88431b0
distribution:1
category:Payload installation
type:filename|md5
value:%TEMP%\~DF276E9AB6BB195853.TMP|7a53acc9a68593cb5d95cda490d426b1
distribution:1
category:Payload installation
type:filename|sha1
value:%TEMP%\~DF276E9AB6BB195853.TMP|a1ea0693ff8bdf009737b9d71a1aaef3f05c2db1
distribution:1
category:Payload installation
type:filename|sha256
value:%TEMP%\~DF276E9AB6BB195853.TMP|6bcd2962b437fef074bbefc36a466658e9a28bca89667840946b33269c787628
distribution:1
category:Payload installation
type:filename|sha512
value:%TEMP%\~DF276E9AB6BB195853.TMP|254c64253b16234a03e302397fc92e65eb72e6435381a65057698c79c01ce1445f8a913a2e802ae5075e1f301ccc5720550e6edc55d8a2d859736afd5895c08c
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\Temp\~DF841591D67A2AD146.TMP|9298297e9a2e4b7cde39e134eb7d9f14
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\Temp\~DF841591D67A2AD146.TMP|6f8fc8d0d85f7299e07902c59ae28f4fa50626b2
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\Temp\~DF841591D67A2AD146.TMP|81a9b55bd57706ac947e5689512b6278e400f44f3320a454e79799c94ab9022a
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\Temp\~DF841591D67A2AD146.TMP|2a8469227e27d2c3d0f021d24a6c933794177a29ab7e9bd585f9ff9a954c0c375bc5847317e9b5441035b303fb21c8a4fdb94c7d54c8db5146ca80f122c998a3
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|a4206fb2bc553c0f49ab0027558959a2
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|18b4fa15b541dd5382cf68f92886278f1121b947
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|a70ae29cb134857b88696b0daa9216a68e0d3c618b79a44fcd03f928516c527c
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5440D99A665106F5F71C9188FC271AF3_16203FF06141B8A24BD117D98D8DD64E|c05cd9e6898e39a9d67470ef95151835227779fa2a225c291da34e86eaf1d46607fe1ffe3523d548fd202817bb34666b3f9fe54b292c0859b38ec30fa904960c
distribution:1
category:Payload installation
type:filename|md5
value:ads_1_.htm|6f54167f3c5b4e5d66eb8d7cdccafd4a
distribution:1
category:Payload installation
type:filename|sha1
value:ads_1_.htm|2043202d9c0b4c035c6d31655b828d148e767de3
distribution:1
category:Payload installation
type:filename|sha256
value:ads_1_.htm|085d87164b2a63d92b3fe6d21c819de32ccceb1a24caa7f64588fde431e1d932
distribution:1
category:Payload installation
type:filename|sha512
value:ads_1_.htm|8eaad04334f31a2ed05a29cc8dd535d0455b06131eaaf2d6cad6b12b8bafe7d8fc49ce232b61b53936f409b445c408f1579afc8179543b2ce4e32aaa10d132aa
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|b15b90b9d16d4dffa948a3178cdb9143
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|a1c315ad8c1fcb3ad562b9777c7942fc1f025ea7
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|a0559b2fa6e7a2e6fa47714ac5da1ccddc5ad927f3bd9c72b834d145885ba004
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0|980ab131652031a5f2e0f444a48ba4b970227a2476a90ea8348b2d31934035e85d9a2705e492bab078141a7a713087dcaa5af88deb939fadb57d02db27d38f36
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WE422FBZ.txt|183dcb0681dc31dbbb35b4f006a7aa9a
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WE422FBZ.txt|06777e7cbba83df9314333484761b051b5a21199
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WE422FBZ.txt|f8e05422611547075c1261c036892328ff784d5e70b99a79e467f561022b5fcc
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WE422FBZ.txt|203e8bdda5322a3cde7bb2d8513fa3c296034175499a4977db4d560c8fcb556b857b42e77cf06e0b6c0914d32e24ea69a19b86e2b9b797de9f1efccd1444896c
distribution:1
category:Payload installation
type:filename|md5
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|cd158e306af7d70de28b8e670e8d0a4b
distribution:1
category:Payload installation
type:filename|sha1
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|da85abdad2dcb403cbf3a238c9336a1f4bfd23a0
distribution:1
category:Payload installation
type:filename|sha256
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|5382cc931ea177b35c6b0b0f376e5b0c0fec1affa14fef345c0f154b971a7faf
distribution:1
category:Payload installation
type:filename|sha512
value:%WINDIR%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|31790e9e23b411ad73eab177b86bddbcf866d30cb164994013f1a2d04b4a82d2c9067a1a17794757e3b861e54f5578f5815b165d0e9a8147277c4db693048959
distribution:1
category:Network activity
type:ip-dst
value:172.217.4.196
distribution:1
category:Network activity
type:ip-dst
value:172.217.1.35
distribution:1
category:Network activity
type:ip-dst
value:35.227.236.88
distribution:1
category:Network activity
type:ip-dst
value:72.167.18.239
distribution:1
category:Network activity
type:ip-dst
value:72.167.18.237
distribution:1
category:Network activity
type:ip-dst
value:172.217.5.3
distribution:1
category:Network activity
type:ip-dst
value:45.40.140.140
distribution:1
category:Network activity
type:ip-dst
value:172.217.0.1
distribution:1
category:Network activity
type:ip-dst
value:94.75.229.248
distribution:1
category:Network activity
type:ip-dst
value:184.25.188.105
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ADOBE_READER|63003A005C00750073006500720073005C0068006100700075006200770073005C0061007000700064006100740061005C006C006F00630061006C005C00740065006D0070005C005C0077006D007000730063006600670073002E006500780065000000
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ADOBE_READER|63003A005C00750073006500720073005C0068006100700075006200770073005C0061007000700064006100740061005C006C006F00630061006C005C00740065006D0070005C005C0077006D007000730063006600670073002E006500780065000000
distribution:1
category:Artifacts dropped
type:pdb
value:iexplore.pdb
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F80100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F50100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F0D2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FULLSCREEN|6E006F000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOW_PLACEMENT|2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1900000019000000E9020000E0010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\LOADTIMEARRAY|020000000C00000015000000360000001F0000000000000001000000000000000800000001000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\LOADTIMEARRAY|00000000170000001F000000D4000000270000000000000005000000000000001300000005000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\LOADTIMEARRAY|2D0D0000B20200001D000000A0000000150000000100000002000000010000001900000002000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\BACKUPDEFAULTSEARCHSCOPE|0000000068090000CCF5C1CB5EED8E03AC12A4B4937E49AF3EA68010D3EB8F484AE7DC58E590F55960C00D80F7AEC015016F08604E89B5A66F27D3531989B0B73CAEE83DE35BD87C33FFD0618010B350D7E854D8C83CD3778FAC7D1F0D181EE339A2FC40B59F9C5CA4D3A497D7B3F37B4A9FE90479396EAE875744FFBC37528C15E3C7E5FFFC9D18825C5FBED13793D4A9B25FF85E1E3BA711470E211A8864650591C96AAB1267F757BB190F273D108D4E43DF80D98C46DE089C546528AA16D637CC707D54811A38510E16E278634A50E070D18675249BCB3276E0C3EE3CAACE4AB497C513E922808176C175434A1CE2685B894091846154FAF4B60058E0E6A8FF690C3F36EA8DCB08146C0E9E9259C6EA22E92F154E62C69138EFB31E350F198E0B4B5EED24F4F64506536185DAD7FC06E720F30D209B6962615F9894DAD934E2BA2F0C2337F5D4F56D495288C58FCB95C8CEE78C9BAB9D518FD0340E71CC81B496ED6D86C23FD39C69E0FE66F121991BE704973060848593E11BCD6E99C419D0BF9E7AB567AE34491B171C52FDC1D77B6329FCDC0D394BC879A3AADAF16FDDDE55276AF8C58CD41DA173A35D8A4CFEEF5BC28D4E449AE91C76DAAC331B86B49478F8E6C27CDB7ED41C23CBE6384D947EF12E24BCA31A8E29F8972E39B68CE5D548FB18DD2C64D46DADDE59DFA78E4BE343CEA79ACB58856B1F263EC261E972ACE5CD7F18758BC32B72433CAB77D92C5D738490345D5CB9A30AD51C30BE118DA36F13990BF78890F18CA0756049B5CDDA9F74399FF73BC2D7DBF615B66B691C9B068C5B1E524267EC1B845B09BB939F57E91DFB4A3B0E8314B1C1A2D80A024ABBCAF67B5226B9834540E021326E7B49BE6F752589C79A5928AC5FE13F3AC62A92DB56863213C1EA0D19B7B51602F80D2453A2B69F3CD2D7DEEB6A549C9AE96AC559EBCA76B99AADD8C75DEEC617804CBEB3F2F2663BC21BCD90BEFAE9CC5514CF64B10F9EB708C29D6A0D05AC4D6F0902B14DBFB362A4A5F3BA35B5656F3B619B1C021FA2AF3168202324659F445D83A56B55D74C5388CA2589C0F79322C69D6BA21E1DC940AD20F11066C56D9D00E6110399C9F4AC05B1771D02CFE787ED18711418B0C00A7E34A652729630F602008B97ECCB9E0ED3E1AC95A7371D3D9F29779335FAF9AD00C9730AC4BE27F04E0D1F49AA55091AD0629D1324BE8AE37A41203F8B6010C92D8B105675A8F82B9E91B637CA98A06E956800B66377F61BAD0A643838260FFE42E09157D79AFA47CA46D58396BA03AC92955D9E39414184DAA04F9EBCD178EC36AF982DAF6989E4AB107B4C23E9FE72D8C485EA295CD5BDFACEA29135674533D9B848F94D7135A37B0EB9B1D2397662546BEEBCA54AEA685C645D31F5707673397AE9D9DCE04422FBAF7FD475590A1AA985B733530916247395319E4FD79C4B04A7AFEE81590B025EE2D4D35E0DA23BC817766F2E90A190EC6E77F82189A05D902E4059E1DAF7E3324B4BD07B854C668E386C9077AB3D4E8F58005F62F6F048A9D0193817FBFD65599284E9F978AE396FB470B50A1B4BFD81A82EF39A538FAC38478BACA97AA02825BB1040EC1B60562837CF00670BA83C1F440FD473B9EE29C5F98DD5581B9CCC5491F9F391D94C5BED0E039065D712ADA05209227206D15F5F4646D408CD54F29320682452ECABE932760585901C5EEF890026FD649B1DEEF85619C7B22E3A383E43A2F137B607A1E07752FFE223FEA19B513F85BBE207760A87F6CFE454673FF437CE7C8AF7C121DE57BC1D648F51650404ADDAA2AA4A97425D220D0BEAF6A7E84F81E3DBCC720BEF95FD01E56360DA8781EB1CD64A46F1040D6B9F2D9BFA1024A61D48B67F18FD41793BCA215CEF9F75E4E06BFE9D7E24C892BAA6B2D19D1A94EECBC97C27A498213273985A8D02564205F9E7D8CAB7CF09549C4228C25166234C2C880918747D5D85AD8A585A599E91A390B05DDDCE94DE5CBC94ACC75792743D72A4CA268B4AB50B9FC236B9C4165F9484E6AC2DAC12931F13BA5411043FF694E33C48B56AA1D501195F58C9386003048DA9FC9990E9DDD1CFD52F9EEE0D32877572C596D520CBA432812CB4701B0ACD9C19848BE7B9274C39062A89F29C8FC3CD6461BD8868DF216B48DFE5E9E655D6BA569AD63B220C871E6BB0A6E28CDB9D633439BB051A5E1482D3EF8D47630A865A80625A0DC4E69DE025B8703D7EAA4881005216CED49893B644617792307347B5B7EC7E2E3F4764B1544A425C10702257EAB2624238D4D45FBA4C299EEF7519A91BEF7B54330E90471983E503E31B0CCC107F39FAE4E1530E55EC5F393F3C33DFCCF0705840266F3F9206701E9756D925941BF3B3796F9688347ACCB5BFBEB7B8EA6B4F38069F29F1E0026EF3CC5FC39C94543F4C981978FA785C2DF311FA7586958A90D724CE9ED3237860BF2237F97832DA7DA8DF300BE74392B020D430BA97ED1EC2A43CC6C6297CC286D9398839AD8CC5F351F0350539B23EA98EA704367B1323D9C6EDADAAE90986FF6DB2FD7B0EC4A3CAF469EEBC7DE67D93EE2C60EE6725855ED7D705ECB1EB64337A2B6FA982F85CE297EB32BAADFEDC675C02433D6F44DB67E09A18DA6443198D0645676B024AB36D5C17C5D5C91C2043D9C8BCE77B90CE5C22D6FE18002FC18EFFA0B402D8D84468A68B68E4005F2158E2208E3E4A29C591602B1DD5C5D0EA2585DC9A34E9C43CD279E96DF759E7E8345BA91B51572F44B0363960919746685C8E99E943602D61C4FCCFA52A9FD3C755AF02702F49C2FBEF48A0A3734FB209546C7898F8FF321D4D6FDF4905A545090DE4CDA43B4E029D1B33008A33CB3255957A1735C257F5982527B75663DB5C42B62BA90890420FAB70FDF80B8DF6E739A50A1798D8C394C52DA2F831F8183826378335836D08093E3EB62A1D4755F206FAF7180F7F4F312ABE5843FA5D54F9D6DA18130AC13E10CF67A2359ECA00715133C6BA6249C4EAABCAD2363DAE86BEE16F7FE2F1B4344402A4D0B98B49CA85C9A4A39DAC767BE18ACF7973B0B7C7A948C0AE410D513EC5D09EF8565D759A4E18379C61E85FB534DF957198E4B770D9CE5673D289331EB3B4D7F5ACF0C21BED079340A726ED600548BEB04669AB4A6E0B8E6834874C142EE263435B73451380E89B600D4D25A1727728281EB92A6B8842FEFC06B2B413562F6F3E0380108028903C43340FC36D9D851D9CBEE2DCEE4624280AEA1C8EE54B269A5C44A63369068787E4BCDBE487A4985576C8B470F1CA5F7F767F87F7AC2D421F46BE283B38385F1FFA4511C21DA9A6C418DA4C2F3D335BBCDE645A0FF71CF8CB7011914AFFDFC0F3816F247B84CADC3B9295CC171DA11482003B6B03F4387DC987DC80C1971B65506ADB07EF010000000E00000042365959565770306574382533640200000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977|01000000D08C9DDF0115D1118C7A00C04FC297EB010000000F0397423A977D49A9133626419937C500000000020000000000106600000001000020000000E39A2051771AB8338BAB6CC238E37514C2FFFF86D2902BFBE20FD42D706CBDBD000000000E8000000002000020000000E38599E2A5A370E279F367C652F82923726726399ABF033FB963117DDB607D7A500000007F6B4A994246B04376E65C6C89ABE0477D6AADD77FA24790FD30A366E7A94802E71A32D11BBA62B3AA9BBC748079489C363B88032DCD33B27FE05DA67BC7EEF13DC62720C5E94AD4BFC3F95F356787F04000000091CC6C79037BD33A9143CE5D2C49744B7ED7D9E404EBD0E22A193308FB877E4F34E8DEA12A24D27B3E045A90DF6F009ECCD92DE5AFB91DB7D3FAAC78F4233958
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\CHANGENOTICE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81|01000000D08C9DDF0115D1118C7A00C04FC297EB010000000F0397423A977D49A9133626419937C5000000000200000000001066000000010000200000008565D213DE2426DB943F2AC1697F91780B6CE1B7FED40D84E3FE35F92F7985D1000000000E80000000020000200000006B4A097A16D61787DB371CF3AFD6733C37865B5A885891656B0BA6E5C743669C100000000DD4F6AE6E817305B568F012A922E29A400000007948DBFF9619DC001D31831027A59848269E6A10E96473228E512A94B12DF7CA428909CDC3943F187E2646D013BDA527627FFCF64F914908A056D1612E23B683
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FULLSCREEN|6E006F000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOW_PLACEMENT|2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1900000019000000E9020000E0010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MINIE\TABBANDWIDTH|F4010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\NAVTIMEARRAY|040000000A0000000400000022000000060000000100000000000000000000000500000001000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\HASHFILEVERSIONLOWPART|02000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\HASHFILEVERSIONHIGHPART|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATELOWDATETIME|000E72F6
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATEHIGHDATETIME|CA5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPDAYSSINCELASTAUTOMIGRATION|1B000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPLASTLAUNCHLOWDATETIME|C069CF64
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPLASTLAUNCHHIGHDATETIME|985FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPMIGRATIONVER|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATELOWDATETIME|0A9BBA76
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATEHIGHDATETIME|985FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT\CACHEPREFIX|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES\CACHEPREFIX|43006F006F006B00690065003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY\CACHEPREFIX|56006900730069007400650064003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\COMPATIBILITYFLAGS|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\SECURITYSAFE|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\RECOVERY\ADMINACTIVE\{373BB1E5-CB8B-11E9-A10A-0A00272257C6}|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOWSSEARCH\VERSION|5700530020006E006F0074002000720075006E006E0069006E0067000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\SECURITYSAFE|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FULLSCREEN|6E006F000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\RECOVERY\PENDINGRECOVERY\ADMINACTIVE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\LOADTIMEARRAY|360000001F0000000000000001000000000000000800000001000000000000000700000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\LOADTIMEARRAY|D4000000270000000000000005000000000000001300000005000000000000001100000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\LOADTIMEARRAY|A0000000150000000100000002000000010000001900000002000000010000001800000001000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\BACKUPDEFAULTSEARCHSCOPE|000000006809000006E8EC22B07E133DBA26A6F2F1EAE3BEC46A916AC5869573745E3E356753760CFA005CE4695544F55743BEAD2CB4B157C5ADE5DDCFDD9589D2F97F26A1A1061D79B6E18BAE5446E021E5CCF36AEFF979D59DB587BB2DCE9767AA642AB7B03D999E28D255E91C7C4C7C2C27CADB3ACD3CED5AF8A40A1675563B8FBECFBD2000A54878245F7F4EDB36BF37D33B7C37497BAB0432BF0C389DE1FBC93B8A29920587CDC4D0F6B988275A98285A2CFB840150E2BBCC287E33A3529978B8EF16A4EFEE1B2EFEBB166CD7CB561E8C7D97C343AEE89FCE4318A771DF14BDDB4411F7DB4FFBD4C88FBD98C42A1E3927857393DFFED0D00B992E341D9611B64057742B1D4E42D8D957F0ADDD5EFC9894CFF793D8D4EB6EC2C4087A13A4B08464AE6FE05436DF58C98A1B4DCBE5D05D6334EF659DB1C899032AC2183A288C471204E1B6A5893F76A593A6131BB3E3A7663B2EA828D68B71F97FB8B0D79D6A200A14844D3398A650C80158A4209E2D9649D192FB0B2379175E25D8E1A0CFFE2D6DB67746ED2A03088A88FC9DD8606D4A974CFE008E0F72A94E4ECC4B1A61A08FDA4A7A3FC43D87BCE9D1C39F1424B9E25AC16C56EEA976485DF9E58E78E43A67E87900D979CC1E8E6D1A084B21A3C88008A4DE9CC0A673142CB84F4A827C0BD30C3CDFB460A9979CB5A6A13F28D4154378C3F8744E8A412D4E4A341FB41CC2F4483CDA704C6BE1088E02451D772B4B4BF585567DE0D459B3140226AD92459DEA287C89ADDB666BF13810FE830A668CB7C382FD56F6487DC6EA0160940A6275D627595C0CC9B7A6768BE8271351EDA1A9F366E8A19D3A4E86913E6E741AAAE5D6B9D3502B535D7FB9B48D0C6B4CBF884047252BFDA0F74213565E89EC3B9CBC0B1B2D70AB6663C7D89B69B82CCFF1329CB480BD096430648D515C8A9E99003B965DD4F42CD71D42F54EA058F7DEBF68DD0ADC4467A1842714C603BF29E0836195A7A1DC4E3472D72E542EC26A5626B422C46151B64B1129C80137932D9BD7C529FF65A0B1E5335AA536DA6127C014D38DC174AE95FF100FC9610BE54A9F70857212C18BF5658BBB7877F603CCF72B073D957816A6B9910D372CAAF1206DC64F91015742BB20743CC96EEFAEFACB085D52AEE57C8827370632CD124B4FA12C19A46C453BA17546B9B6F8AC0952102769EC05AAABDAD90B47DAFA9B3C77723BFECCE2F01248424F2A610EC3C672894F802A85E2023E5C63EA4F3E4E4038CAC04A2A4625CD50177EDBE8177454FCCB93C32EB3DC21538DCEE7B10F0F5732CA4D31DC777FFA59E61E026D1D7D178E6BDD2D17256ADCB8F01DEF20A89603058B460C030429870390A0820E23BADBC9270E0F053889140F8170B4BCE1379C50EC8D83BFD1E774EFA47613EDA6943A4E7DAE8917F65568F7C35D9DA59379E0B518B75F3184775EBB64FD65293444E5BB6C29C26F9A4DC00F861E8CFB0A82B7D3ECD249774F3822080776DAE177E169B23D9D1D2C02E92EF966D9C6DE744BEB4A24BDEEB28C27B276C6145337F741D3D1103B726EED7A0C5467EB2A6E4AACFDBAAA0C7003A9328DA55B15B14985AC9EB9C03126557E66C2BF1153A5CBBF331EC3B982218829CEAC354EEB4739E35A320B7B2FEF0093A36EDC5C1FB9154BCE0405B614F76210E353C7CD77DC2572C3CA65A86DBE91A596894974EFEF6C31400820368288B13F0F5FF95457532FBCC0546989531427E02FE5A8268988F0D06E08B49D7A6196712C056C333A8C75E87F99B5EDA0B8E2306223986A7C96C16F752761C255432FF62F08C008506819243F98EAB22C97E1E4E890B8F6CF87FF7D9176C78057D59D1356C49569C4F139A6E064A91E36CB469959FAAA50C991CA88D9B98527898E00D4A1BC8B4F4270F76D4AB3901D41BD30288C060D48BDA94223C7B43D7E1D277985A2B5420F97A67192946F41AD851ABF044BD680B9F24788078CEF8E7F67BE2659980C5BFC58F6C9C20EF95AFBED64134A5BA9A5979425BAC73ED218EA63FA28A8D92E7472A0891DA70B9A7C27A3B54B45CE481BF0B473F921CFEE7BE1CB23A07395522E81D3058FBF8300486631C3892EA9B781A45D686566D3065750BD42AC4BDAE5291084C33DD7868C5C902E3BEC8BD6EA792FB7411E901A1F4CCAF1D46DB0F8F905C654D44902790C5A1B807594F96D67A2BF3678440F1D51FA91836403BA2A8F6295F47AD20C28A3E08A24D7A0DF43AC9BA1E21CF7FB2C4401F6455B8F1B936CE12A2EFBF766A87290AB93A1328CD2E0068FA40557C48228019BA8F72F6A89562056FC7DDA85043D08C2ADFA69C56E5882B0AC6484A1168F99F533F10408341AC020B7F59956C3B0E93F383365A3C691AEF2E2329E1047A36B2387462F747ABA61714F6B56B4306DD4F1EE4A463FBD6E2C4F6910C47A51A51662F828CE293A95A3D296992FD485D167BC1ECE2B728A4A9B53313D19229BD63AA3B1C90256DAA626289D534687D22744A6D8DB368E2FB39A979A13BADEC9F877B96F95EB5D23848A0118A3B9D6C40309C9AC1886A94016CB412807C89DABF86DF2C259AA2E6D557062E02BAA3D32E4570BF9543BD7F275CD01410763DFF10ABCCEE7015D511C22766878AE37137E28CF34CB74756C83FE3F560513ABB2B46F04F72DA525066D203D69AB3A82AAC7C10F3B4AEE530AEC04C3212CEAC02ED154E58CEC64238A91A265E4348FA946EA2BB9FCB8FFF7A2EA5BF873FCE3C2980D4DFF050D2975231DB48E597C0DCEC64D106B42013680DD4FDE7DEC48F5D1441579F23D1DE73CFFBF8A586B5F850FFA8882C61CD6490E0CA60DF45587FF0D893C925D99F590985B553164BD0B318E5DCF046B7660A1C0DB2945FC6BF1F196291FDDE289F52CAAB0403F503FEB3C6AE333E4F8507BD5B8AE06C034F3B6E28C70049520B8C23690351634BDE59CCFC20DB8690F4186191511F33A3E4F40FE0FE117CEB7DCA4D06BF29DE04BCAFE4AB8E02EE84E26C132F7DC1070B91881DC3F9973C94733686A5C0E18D29A464BF06AA3E79D56DF3C4D7E8120DB44A05CAD3C72FA1870FDD8108183E1BA4A834050FABB3532C8F457A3C9C50B53817314CA269EF965D285C2E0FB1A5A77FC525E8186DDBBDE4270CCB6FAC1B1920E1BCDA01DC5A83E0DE58FBAEA8324014E562C5930B58E0E66685117301312CA8DCC22B141E86E0AC190664D6FEFB23CE1DA97FA167625BDD2B9C61B8B28C07E9D55C6C4B2C8FA7C8E0CE80BA8601F1E55815C235A9B188A276CF5912AFBA394DDEB358B90702C6014617192B6415EC44A5382A21A3CB56406DFDBCB2F9611FAEF777A97FB24CC88F27BF299B926B7B26087E13578095BAF0D988EF2B92D30307272FDC7134D16B6CAAF562AD23792853760C4AD9291AE54DE12A7010000000E00000042365959565770306574382533640200000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977|01000000D08C9DDF0115D1118C7A00C04FC297EB010000000F0397423A977D49A9133626419937C50000000002000000000010660000000100002000000032DBF3F54C57072D4280B784EAF032FC49706F8A094CE7210BA4869105729C2C000000000E80000000020000200000007765E410DDFC8C9B9B6180EFC3E57321A74B44E85ACE59632E8353C70A827F52500000008A708BA2FA582D4465F240255B57E6CD38DCC718913EA8A8C2176CBB79AF4D505BD8873F54E2A5351BED33B9C02A7C5A24062D206B6F674AEBEFBCF16648A2822A01355C0B437FC8C5BBA399581CD47840000000DF5D3A83BB146C6B6DAC2E7759A0F31BB1782C47B380E1B7DCFE5971FD1318B667FF195FFB5E16B377D4049A1A85B6DF2928F68B16E17C5DC5CE7C61A087689E
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\CHANGENOTICE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81|01000000D08C9DDF0115D1118C7A00C04FC297EB010000000F0397423A977D49A9133626419937C500000000020000000000106600000001000020000000F24034BB8A7F9C39A23CC03F028C593496A392C33F76D4E11CF9F61A8988804A000000000E80000000020000200000002E16B7946965E6EF534A183CCEAB422EC4C3FEB1BD14EE93643F256A6C1F63B9100000007B12D4F72A238231A2C36FFA099338724000000081D7128F6CC6E1CEDC96925D63DFD557D0FEC40675DC6C500E37F4E8105BA681822732D1B3C34CC1B2A3F1A818F295E1B27053CD0D471DADF6406AF1166EABFB
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FULLSCREEN|6E006F000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MINIE\TABBANDWIDTH|F4010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\NAVTIMEARRAY|03000000040000000A00000004000000220000000600000001000000000000000000000005000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTUPDATELOWDATETIME|92FAC65E
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTUPDATEHIGHDATETIME|995FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTCHECKFORUPDATELOWDATETIME|92FAC65E
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTCHECKFORUPDATEHIGHDATETIME|995FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DISCARDABLE\POSTSETUP\COMPONENT CATEGORIES\{00021493-0000-0000-C000-000000000046}\ENUM\IMPLEMENTING|1C00000001000000E307080006001F00010011000000BB0001000000644EA2EF78B0D01189E400C04FC9E26E
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DISCARDABLE\POSTSETUP\COMPONENT CATEGORIES\{00021494-0000-0000-C000-000000000046}\ENUM\IMPLEMENTING|1C00000001000000E307080006001F000100120000003E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONTIME|BC110CAC985FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADNETWORKNAME|4E006500740077006F0072006B002000200033000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|BC110CAC985FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|BC110CAC985FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEWTABPAGE\DECAYDATEQUEUE|01000000D08C9DDF0115D1118C7A00C04FC297EB010000000F0397423A977D49A9133626419937C50000000002000000000010660000000100002000000085B1D8A9CB87B0753CA0C8FF5F62276BF96BA2687A4C91663FF3D07F82F0B9E4000000000E8000000002000020000000059A15FA3B4084E059BEC644B5312554C22F79B8728AF98966EDE3CA44DE2F08400000000CCD04B535BEF78EC2234158B0AD571BDF8276F47E282AB133910A39E08FB5C90A44EDB4529A8B6075D6A23EE2E2F756681C32C83961C3E42C9B5D4666BED07840000000AE30B5FE5967CAB090DDC5C9B37CF325797A430C5858C5BC38E8A1E61E03966B62F3A7E08BEFBB4E7E2EF27F0D6F6748700A3246F1F76236E6C201A237BBC3DE
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEWTABPAGE\LASTPROCESSED|A02A58D7B05FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMAINSUGGESTION\FILENAMES\EN-US|65006E002D00550053002E0032000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMAINSUGGESTION\NEXTUPDATEDATE|44A55410
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBARTEXT|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBAROKTEXT|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBARCANCELTEXT|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPMSNINTERVALINDAYS|14000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPRESTOREBARLIMIT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPONLINEPORTALVER|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEXTNTPCONFIGUPDATEDATE|85635510
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEWTABPAGE\DECAYDATEQUEUE|01000000D08C9DDF0115D1118C7A00C04FC297EB010000000F0397423A977D49A9133626419937C5000000000200000000001066000000010000200000008A37D8B75624C39D08492AE607D7641FB40D1D26893B214B9DC6B86CAFE1253B000000000E8000000002000020000000F1A3385AF507455F031286BF57B19B324FFD37A6AFD52D73EF2A833F75A161E640000000D7BA4634EAA70B8515D0B3E6006CD480FB03BDD896872C52F2AB3E71C0B8F92B54075EFA5DBF1DB2558F1B1521FE9D7214439AD7ED1096D6D927EAC95B4BAEFF40000000645E143320DE14843A3CCF64F9CBE6345D2DCF77A67E75F311AE6427319CFF7AE41E621DBB47174E2B33F22E525D9833B7FEC7C23B8D8D47E86EF2B0569B7349
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEWTABPAGE\LASTPROCESSED|90B552A4B95FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\COUNT|73020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TIME|E307080006001F0001000C000000B501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\COUNT|71020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TIME|E307080006001F0001000C000000F401
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\COUNT|73020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TIME|E307080006001F0001000C000000DE02
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\COUNT|74020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TIME|E307080006001F0001001E0000008C00
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\COUNT|72020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TIME|E307080006001F0001001E0000009C00
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\COUNT|74020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TIME|E307080006001F0001001E000000BB00
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\COUNT|75020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TIME|E307080006001F00010037000000E401
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\COUNT|73020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TIME|E307080006001F00010037000000F401
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\COUNT|75020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TIME|E307080006001F000100370000000302
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\COUNT|76020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TIME|E307080006001F0002003A000000F401
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\COUNT|74020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TIME|E307080006001F0002003A000000F701
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\COUNT|76020000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TIME|E307080006001F0002003A000000F701
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEWTABPAGE\DECAYDATEQUEUE|01000000D08C9DDF0115D1118C7A00C04FC297EB010000000F0397423A977D49A9133626419937C50000000002000000000010660000000100002000000016DE55B74B448ABBF045E740F57CA5009E3E5B33F8040D33912041DAC8BD101F000000000E80000000020000200000009BECC520A451EE00E63A2DA008F3E807532D70205F6467D6CD0C4676FCB5CCAC40000000C9AFFD6182BBEEAFEB0918F6B668297B186D4A4BEE087F6E07F740AE270C1A7D8C0AA15F1B479F125995E31CB6C588EA1109D3943D577CE634DDF2E3AC9392474000000050277F4FDFE5CFEEC6C806731E37F62B0C6AC216928E2E2E9C343A48AB74226D7777590C4E8B2FD555690A97241EA2FE2EC8F436AFE2BF3E23DAE4E2A5C34FD8
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEWTABPAGE\LASTPROCESSED|C0C54326B65FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONTIME|D85F1AAC985FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADNETWORKNAME|4E006500740077006F0072006B002000200033000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|D85F1AAC985FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|D85F1AAC985FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F60100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F0D2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FULLSCREEN|6E006F000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOW_PLACEMENT|2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1900000019000000E9020000E0010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\LOADTIMEARRAY|15000000360000001F00000000000000010000000000000008000000010000000000000007000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\LOADTIMEARRAY|1F000000D40000002700000000000000050000000000000013000000050000000000000011000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\LOADTIMEARRAY|1D000000A00000001500000001000000020000000100000019000000020000000100000018000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\BACKUPDEFAULTSEARCHSCOPE|0000000068090000C69F6B737057A61B7A9CC0E23189AB56048EDD44851B0A6B34A0A97C278EFB783A50D772A96541FA171162096C4B0D9005E9D5AB0F2AE2A21213768F6154F716B99DD61F6E9D0450610BF118AA7D1EB615F130AB7B32F50AA79BC0F477DBC69A5EA8CBC8A99D3EB8BCA98AB11BC1A18CADC6DBFD4AD3FF5E7B5971B6FDC3BA3B888F19D73F07F5C7FF0D15983CB66E43EB88D4A94CAD42C93B6B409EE9AC70BC0D747CA479792B9C58562504BBFBA078A25797F73E6008FBD9F25BF4D6363C34DB751913D69472FB16A4A9485732A64EA853983CD88B6FD2D40EE18A5102FFEC3BB4B2087DF93700DE1666C633FAC588909C5F73EED0168E51E0301B34AEA34A025041A5B046B659BCCEDD31B7F283C1AB522BA0C8CE979970869AF2AFDB69C79F68655A5B1C661A10EB8D272FBC5CAD8895960F8225B2DDCC21DFEDA1294CFD7F1E3DC8E61C4315238D9B106EF7A26ACB85515BF8751EAB2AD2A8C5C438EEC0E690BE6F98E490CD6DD48F55D242AAE6B9426442185E832F3EB76CADB7A8DF4B43E089303C165CF5ADDF5FE53E3FFD4EB2EC6B530C80777CE0F15D3B3A1A1777C72C849E83500679F9D0F807AC8CBD92B6A37864257B871AFAA0ACA9402CAE075E96811C4834662408C62A829ECBA0F8B387F6DA0FEF7D384BE568611F7F7505D73CAAD0E1606FC855E1350F389B54BE81B8C6C4747CBF5502DE4BD41AB31A2621409E62857515018B40BD1D969B83CA99565AC166C24894DDAC67ADC968404DABC0A78E3E143381CC05F5EABD6D7D73BD8130B8A0606487B56FE54A9C3EAB0D66DE6B83E7DB44F0E14F39E128B0874B8E592464AEF8C29D2548DF8B90D5654DBFB8C9134C6CB258483EFC52EB03FD0B02FFDCA8C929BE16FC552FEC30CE6CE7077008B7F865E42872F21D79FD08237A249139BDCA93D689FBB76BF134C74B6D8224585B98672EBEA88AEFCC045EB87B6730E624FFD6EEFB218F78E61C6116ED17F6880102136787F42827A691A4671A69FC067453929A8505FBFDE8E03CEECF9A041A33A10717AE13EB7D37EE7C9DAB4F1587EF2567208DC51C2845CBF88BBDFB70EC3E43E5535B47F38BCA5685CA054D9B5EEE31F50A888F121D24823595A07C59704AEE4BD2809D5F5E5DBC5E8EBD46AE4B140BDC2E5459FE6C867B945BA8F9DE613349DBBD39A951AC7DEBA9CF7D076EF85C7CBCF41EBEFED68E52B338676A213A3F06333DBAC0E86A85420534642AFB79F08034A6D88A33FF230D3371FE9B407D9D94F4F4CB03449918E11166792775FACE97E6323F71BE68D8BAB4F254425D73B457BF5EDC6D858EFF1C6F9F2E2FFC4447C3715372CCBDCD28C7D66964C29690449B32809DCFCA194854BE2AF574B09540DC754B19C3513709B4391993530D895A7AEF1733C93515BAA89D41DC5DB18552A092F71A9F9A2CBF9E7D4620A5E0950A259456F102E5219D00AEFC454C1F22ADF768AAE209B955116243B3991A31F806A9C231A95DFA34CC6E9001A8061A50D12B976F3A2ECC09C07229546B931EE1F9131A8A8B3294B41ACCE25863EAC2A01A3DBF2EABB0F497564DD0917671C9D9BCDE3AC693E6D2C0080246FD9EE5374C165E802B7A61520F44ECD8D1BF87501D5472C46F87AFD627C72E5BAB3EF9997AAD447A5C2A3704144893E1B1241CD598C20A563D847EBFBB8DC9C0C4E7AF08DB1A484D4094C82B12329F8B4A2B9376A6A794914D2154AD023D25175A0EC8A40BB6C898908EA1E74DEB45772DD84C55B5B05916361978BF4A5563FF831AD68D6E8CE7FD602203594BD24843D29C2891B2D9D883228CD7176139D017FB9DC7E3E1C4B61B5451159F306B04907D4FB149077E247A8CCC0BD49CC33A01638ED1C608DEF992846DCEDA1359FCFE8A35309FFA39F3996EBF7D160E2C465CD79FE956D4B4F4023801672BDFACF52D1522E6B12796AF8166C65AFDAB3996C7F6A487B3A2592F0B67417EB0A57DCCBDED9AB6A1698F39D35D44A4A8CDC969E41BFEE5FD51BF124D0E17BA8A1ADA6E4F2615C98D4EE2DA2DDEA7F5394CA288517421B354D82C2E684DB7E3D920031281D84145977C2D4031D40A03CFCB98F7B01527A8D8C58A46FC2EC402BEB4F625F4DF6483DD92DFCC7D9E607B8A9A032AA0207381A9CB795FA96E0A1457424E394839C21481CFFDCCB28E35B5896483A7C04961B8E7EF3A110FAFC024C5256BCF1D2118BAA18CAB6371BAFC97EEFB10ECB2670ADCB2546984CD8E649B28D0F1AC136C283B5FE294B25876EDE1D8B06620158816C52A8480E885E41D37A1369896CABF51BDD9E3157D0999723A6771B5988865A224708F38CFD694B2B14EC9405AE30B3F35310640F0223C2C73BB75A4D1ADC22A72A2D7AAE360351486501F667AFC6A9DAB85DCACAD4498778AF3FEA92E23779650E0CD4BE5C3CF6F68C8FBDB55B6D1E659F78D16111014938E314EAF8A89DE447D4D70B4169FBBD609D44DD4E6B1E74093A535D2E7244A4B1B94B502F38146305306B13938949376D5953C44C48D9460E3B1320843228636583C4B9F56AA2723472C87553842A55E992B678995EAF78C6B3A1EC9A4A80689944820BEB5A3CBF747DF56E04A493BD441B7246A62691FA0EE5FB7ED68586F6FB4DA0FBEBE0E31EB533FC9152F49F63DE557856160A8902B7A42F9C501D015FBAE11F156448AAA012A6CA77194E10194A42C843C6248DB9BCF01F999EBB1C6A83F0DC01A9BB61F772386D8568DB3056E69576F04F4E9C2734DBEBFFB509CBE6576EE93501E34704335AD5486B95E4D9327F6033BCA2B509AC597EAE7C22F923489D392144DA35CA93F01CE69D282F323D02A566CF1AEA2B271AE3CB2440CE059E1DE99CD85A2F8DD31A2EC2A9DBF394EEC13C403FF127A87FC21D8CC24D19718152E1FF100D3D8B722B05A9CD5B5B89776D2747D74F870830F128F50A91FB40459E322197AD578723E4BCBF10E04FBB1108580E120FEDE3E8A9FEF66289756DE721D1967B04717801C936249094C34DEAA4D809112C54F1830EA2070DDD78F008DFB223A1BCB226FEDA8F102582D96EA504B6663FAEDEBDF90113D0D7281F862E39F95311300CBD78AAA02E82547F7B2209DE90CB7162E90413663EA1E336E2376285783D2855462E0B9592A7E3AEC37FA645BE3C1E0461B99772C61CE8E47A857B6349E0AFCB2D7F1F5ED20CAA5A4478DC00EE67CECA5423AF667EA7D33394EDB68BD213E041A46847EBAEABC2A42B54BD2EE1C5ED8CD8463D26E5CCAC06AA5D1603A1ED43C9D30CB74C1D3A068531A52B8CD3F04452413E22A9EFC24D757400BBD6EAE3A46D5D4D7F7D78BC8FFA531D993F7B9F2D3E3E17520DB61EF16A613329F4CD670C1DE7987270F31F68FEABD6A840CF0C522BBBDEDD2811F941E1164010000000E00000042365959565770306574382533640200000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977|01000000D08C9DDF0115D1118C7A00C04FC297EB010000000F0397423A977D49A9133626419937C50000000002000000000010660000000100002000000099C7B3D6F4BDC4C165EFA2D0280FFA3A100D1BC0260E85923D2A14BB7FFAFD2E000000000E800000000200002000000001BAA71CD8EAFFE72D62095199035CD7D115C3AC16C3ECE2977A6364E2806E60500000000AA727F83099C5947239EB5BD56BA2A5647B40DD3AFA93BC19CB92D360C3B6C0C32B4E781171A1E980FC5E95FC90B8432496990C84A796CEFC80D5C6121B2235F38CC93A8BF5CC68A3E16FF39F0D531940000000EA3B13C578DFF62BA6C69A15756560B0ED19E1DC96C40B3FD758C0B5CA7D884165A192687084BE1B5A2F1CED625108B8717C8BDD3B4630D84F0DFD80354054AB
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\CHANGENOTICE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81|01000000D08C9DDF0115D1118C7A00C04FC297EB010000000F0397423A977D49A9133626419937C5000000000200000000001066000000010000200000004F4C450252F00738D998F8D4CA844845509998AFF14746F7BCD0296D0A455F6E000000000E800000000200002000000098F87EF5F3E971DDB257AA692081B289E2ED65C3D3D9E2C7C6AE6EC5F6E66BDE1000000092ADC2BD0FCFB7ED92BC9C5E00679869400000003FB5BD419C6DFC23F5F167BFE5441CE8146E389193528B0539A6192B5B8BBC89D4B496E907A4631B5B6401A72E8CC13D404B3254802C2AE4F27FC5453941950E
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOW_PLACEMENT|2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1900000019000000E9020000E0010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MINIE\TABBANDWIDTH|F4010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\NAVTIMEARRAY|22000000060000000100000000000000000000000500000001000000000000000000000003000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOW_PLACEMENT|2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1900000019000000E9020000E0010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\LOADTIMEARRAY|0C00000015000000360000001F000000000000000100000000000000080000000100000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\LOADTIMEARRAY|170000001F000000D400000027000000000000000500000000000000130000000500000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\LOADTIMEARRAY|B20200001D000000A000000015000000010000000200000001000000190000000200000001000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\BACKUPDEFAULTSEARCHSCOPE|0000000068090000D2894ADA4CC958DBD6B67B5F6DEAB0E2585C3DF821E2342C60BCB2F9A3E91FC1AE2DC35245FD86390BBBFF7D20FDA229C9C2DA51EBCE55564697808F65796D9A8D1E7976324AA2520D74960916F1D6DE2986C98CDFA3C56C93B61081F3390A8DEA7C7612055007B9C0025D55D76645EDE1C6CE422E02CD84CF3B8DE1F9CB286A9C67209EC3AEA154938571C5E0FC3DD637A4D0E2A889B888EF4500536DCEB82099FF2CC3D5064FC6441EEF9FF7536248EE3E3BDE1ADA78A70DF4F5BED2E1FDA12F6539B48AF7BF60BAEBBD272B0C9ECA54B6A6ABBC93C85020682954D5A681D24FB729589121A8ADE20D78097FC5E279DC2AC597CA5596C5A5C061E330BCC28F16168F3F8C248C8510A5DE166B1FBACE77BC9E626CC1BB37A41E747C2BC2CCBE0BA22D7037A1FAB40CD14055E3BA227CC48AACB4E675E07418A12F67A55A08714B7BFBFB3A35AF33CFB28957D236C357F7B65A5B5C13DB261E69CC664023EF1752C10468348335EA916860EE9E339154755FD35BFC39CEA38A95534DB3BC06C257949BE9402A2E0A4114EC1E6252BD8DEEA4FDD26889644AB447E4E1BEC7AB755314596A2FCA12F3E5D4EB75603103617AA7EBA401A17870AE9E421344E33F8C2A614161940232AAA4C99D9E62711C9ACF864FFFEB222FE23FBAB67E9BAF2B28239B007D8D7479DF69149C54F4B2ECAB4D63FEA850AD06F276BBDF421ECD30B735E2761DB9BFE08327D38F9ACA9490F9C55CD720C2E0A51489C051234DDC0D843F565E96D28316F3D027BB4BF1B701367193FB91445D3D10E1EBB3FF987B81595217C04EBB60C1A78D30D0F494BB67CAB22636900AC2CFBA115B5A97144C56350B4503A6E0F6DA7F340F2B022741634E4E37EEABADB05A4A4830259B34EE1008130087AC04E59B961EE2553D21E76B1CF8E43ECF2EC83A312F8A6216B000F98C1668C9AC34CDEDAAB4CAAB96484EA2DD2B4F8C72DBA8E08EF5885A1F18240A25E39DB4825E4E471258E87245ED16CB4295966E9A37F2DF2AF14CF5DE64F9EDD2EEBF8DC54D0885432F5AFE2FA2DF60B403DBBAA50144710731F52AE2CF1E0532EFEE1FC17F9BE2EBEB41BCAB8A498222913CBDF4953F877C5BA3FBC206351995E84A7B3B82A6C09281BDAD8970F59CDE0ADBDB536F848AE98D755B167FDDEF1ECDF3070E95CBE0D445EF357057814D843BD7F03DD8B1D7F18A8D27B7D6B5B8F8DE099992AAA98B263CF5B9890E8E79F4E64FA7EC64685E493E0AE057095F04978FACE6D5E8E05F2FEFF08480BDBC0B607B65013BF3474A18250C30653E7A2008D6FCE4A1FB1083A87101C0CBD0ABF164E3372A53E7EF47E498B3C33EC3A5F558B619D45747D978DD63462C4AA8FBD33208E7D92E3801A512B71E3CB83082E004A723209816DBBDA8F5E06332644D3CCB9193C5E9841B36F5EB6FA2EE9AAF4E7CB13A48BA19B6BE11AEEF8B495C3FC149105D34E153DFD7685DC5E66EE6CE89B48E7E6B15450A0B6F419403772272F63DCA639DA4CFEBE3037A4006A6767E8ECAA70F69184F777D1F5EED389B7086D015D6C7EBB599E057D584FF3DABC95E27B6C50D6834729D4ECD9A1B5CBDCE1B8A9AA9A7E9193A5FA3B2D5240F4FE810CA0A939821928E1BCA48C33E0389F2D105792525B7B8A006EF17E3CE3583173302CC88D03A9EA693F2EB6277481C85488DDCE35FEB8F6C777D921C1D380E9B66925067D68F5DC8A46291F8E4D51E5921EB1934772EAFAC50ACC35531C48FC14B9E3138C8E799B5EEAF1B44A669342FFAC1679A8B240EC33231EEF72936D44C817F503CC773D6E411668C7BDE70B50C7432AD1BBD672812BE6412C127A47B80A762E625F3361A48AD54A717AA6CBDF62F0A599D2B4F6F9D923F9E1A4A02ECF85FA9A9046CD88A2F62202D912BDD85FACB2A4ED5F70F8B505045AE53B20897714886FF525217D003D0AC9FA681D114DAE8F8DA4B40F06CCB965AD7CA7EB28DC801B13DA2C522514597C19848CDC43735276FC7B925842976067C89EED0C264EA2C99FB5DE5B23976578EAFE92DCCD04426456E7FC8E3B20A3E9BF9B7C76A6A1668107931D275549CAFE1F2AFC249730B8686E6D447274EA2DF3CA776833429A154420D77AC8AB1A04150E947ADBB4EE6E7CD404DC493ED7B8AB6626024DA3E3D925FA900930323F0AC1B2F190C326EFBE95DCDE45D194CB5DDE0F170C9457E4BC1E06C2EA76E818F9063978B00A742A02CB979103448DD607A2C3BCF94CA64A88082460F08DAC3EE8DC2E38DA9D67F9C50773CF96738904CFF570603A4A9DF1271CCA909D60EEDD143410C4628554854F6BA8A6818D55FAB0DF0480519EF5F5E33A24B213138C00C52F5141F9BD4AB0DBCDEE8AE6525B10745E4055213003DFE6502FA3F39DB49015A4D739623D87162436A7F1C713886C14504BCBCB1216E51A9ED7DAD0E41384DFB4F0722E14637F62BCDC981579E7D72AF4F66FD155789629E5B8AE7D08E050BD5E19F27F3C0D9BF148D4D1F3C9FA21C21CD04215E051BC0E3E7C2F79F77F07F889810F47A2A358A9E62689B3D8A0E9C3CB4C14DAC5F4A111AE8CBFF9BBCBFC8B394DC88966231796ABB250B7C65592EA1C19B951ECDCB66E2336DDAE42E62B4F8DD675868C21902162C2F6F18A2D68BEE29A6D1D6A928E4DAAEC6CE9A8B51ADF647BF520E2350084311C2E63075AD70C5E2D710F34E5166A4F28FDBDD27CE974D25F1D3A9BE45C79176BD7FE625B0E9C4C9663D95848170DFC66AD9CDF4E4FC9D18F26A5A12C7D2A065B8F958BE149D8C3ABB73DC5177CE2A3C49B18A0F481E867C14253F529BB1106B3143A8BCEF36BEA9E9A4E71CF4752742DC8534D7FC28A8C70ADD79656D498298C5FDF40C87B9F818C598D8A595FB749617E8EBF5CA18A33186B928D40A5C94FE7D7E5E697371DC007A22CE57F4F0B349C69BCFF58C45171D55456D90EF36E7BE24F204998CEA08A0C044E98E1D24833328BE00574474A4D91E1E668A230C1B80B6200850B1AD1DF6979E48C456968337AA849E5E0471EA47A6F1345F65D7D0A0D8A188534F3CBCF095E40DE22EFE5592A484C97AA98E8800A48FF747A6CFA6B26356A623C9C183EAC5F45795E533987A30D5A1B060B220532B6AD0C4D99E3D24FFAC80C4A85A1496162E466521C5EB16066D475D0392511E9EFBDDC60F7636CDCC0D38D596AE0D295B79FA2AEEF8F0BA754ED9D73B91BB1A39E73F55E1722F7920C8ECF035980F67D5BF9241195A46756477787581F6FE0B247D175D2E08C9714D17BE81BA04BB16558630BFCF808CED5F7644F3DD48BAB31D1783D127F6A44D7E9BCC5263ACAFA1EB0DF3C796F66424C3415D1A87338F9DADDEA4F4AECC6053A2BB38DBB1528DB4235EFBD38D416D16E759E32E4A381DEBEE010000000E00000042365959565770306574382533640200000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977|01000000D08C9DDF0115D1118C7A00C04FC297EB010000000F0397423A977D49A9133626419937C500000000020000000000106600000001000020000000062DA7BE62446ECB322C6C2465CE85F480DBD47B0A6232756E88F1FAD62E0510000000000E8000000002000020000000D6CD0B9FA176D18B47874F686DEE0283B5600E441FF9A74E2E153BFD11B58978500000006E8730F042075A3B6D8759B3CA43ACC83A6ACE16A2D6FC8951FEE83D770099CF20F49C262DEAB561D048CB7DB988913E1AC309B3A8EB5274C0DD6079D364C20BE820A5EBDA6D853586398FF3E40CD997400000005D0F0405E4B67BEE1D8171F1980DC3CBD2BF57EB282F65BA5516CF8A4F547EFE4E4DDFF77620DCBD3CC15AB295F450703CD8A1BCA1AE5E6C00FAA70461F77200
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\CHANGENOTICE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81|01000000D08C9DDF0115D1118C7A00C04FC297EB010000000F0397423A977D49A9133626419937C500000000020000000000106600000001000020000000329B152BDA682D5D8A281D933964D509645CC0EC838024C86F9BCE8F7B296CCE000000000E800000000200002000000021A14FF7D2E07BD3217033701C29B04647B2FAD7D40A81BBFFFD5BAF3EBCFF2E10000000DC023F90F79B14EA2D94E4715FE25C36400000000649D7DCF3E10FA173CCDB438E671A744453805ECFA880E499A3B8E66EC2FC7820A6B8E2004FE372D49A3A61E3178765CA4AA5551415EB004B7CF9D37BF8E36C
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MINIE\TABBANDWIDTH|F4010000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\NAVTIMEARRAY|0A000000040000002200000006000000010000000000000000000000050000000100000000000000
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_1348_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_1348_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x1594_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x12e4_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_FILEMAPSWITCH_MUTEX_4936
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_ConnHashTable<4936>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_1348_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\URLBLOCK_FILEMAPSWITCH_MUTEX_4936
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_1348_IE_EarlyTabStart_0x12e4_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_1348_ConnHashTable<4936>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_1348_IE_EarlyTabStart_0x1594_Mutex
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|14000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE18000000010000001000000021D008B47B7A2A81C8435903DED424C95C000000010000000400000000080000190000000100000010000000CE63BDC595635C1C37B040B4E554BF560F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A1204000000010000001000000096C25031BC0DC35CFBA723731E1B414003000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B82000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|04000000010000001000000096C25031BC0DC35CFBA723731E1B414003000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B80F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A12190000000100000010000000CE63BDC595635C1C37B040B4E554BF565C00000001000000040000000008000018000000010000001000000021D008B47B7A2A81C8435903DED424C914000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE2000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|0F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A1214000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE18000000010000001000000021D008B47B7A2A81C8435903DED424C95C000000010000000400000000080000190000000100000010000000CE63BDC595635C1C37B040B4E554BF5603000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B804000000010000001000000096C25031BC0DC35CFBA723731E1B41402000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|190000000100000010000000CE63BDC595635C1C37B040B4E554BF5604000000010000001000000096C25031BC0DC35CFBA723731E1B414003000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B85C00000001000000040000000008000018000000010000001000000021D008B47B7A2A81C8435903DED424C914000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE0F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A122000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|5C0000000100000004000000000800000F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A1214000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE18000000010000001000000021D008B47B7A2A81C8435903DED424C903000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B804000000010000001000000096C25031BC0DC35CFBA723731E1B4140190000000100000010000000CE63BDC595635C1C37B040B4E554BF562000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|18000000010000001000000021D008B47B7A2A81C8435903DED424C9190000000100000010000000CE63BDC595635C1C37B040B4E554BF5604000000010000001000000096C25031BC0DC35CFBA723731E1B414003000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B814000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE0F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A125C0000000100000004000000000800002000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F70100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT\CACHEPREFIX|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES\CACHEPREFIX|43006F006F006B00690065003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY\CACHEPREFIX|56006900730069007400650064003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTUPDATELOWDATETIME|94EB5B3B
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTUPDATEHIGHDATETIME|995FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTCHECKFORUPDATELOWDATETIME|94EB5B3B
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTCHECKFORUPDATEHIGHDATETIME|995FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000FA0100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000FB0100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|03000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B814000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE04000000010000001000000096C25031BC0DC35CFBA723731E1B41400F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A12190000000100000010000000CE63BDC595635C1C37B040B4E554BF565C00000001000000040000000008000018000000010000001000000021D008B47B7A2A81C8435903DED424C92000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x1594_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x12e4_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_FILEMAPSWITCH_MUTEX_4936
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_ConnHashTable<4936>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_274
distribution:1
category:Artifacts dropped
type:mutex
value:Local\MSIMGSIZECacheMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_1348_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_1348_IESQMMUTEX_0_274
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\MSIMGSIZECacheMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x1594_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x12e4_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_FILEMAPSWITCH_MUTEX_4936
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_ConnHashTable<4936>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_274
distribution:1
category:Artifacts dropped
type:mutex
value:Local\MSIMGSIZECacheMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x1594_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x12e4_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_FILEMAPSWITCH_MUTEX_4936
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_ConnHashTable<4936>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_274
distribution:1
category:Artifacts dropped
type:mutex
value:Local\MSIMGSIZECacheMutex
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT\CACHEPREFIX|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES\CACHEPREFIX|43006F006F006B00690065003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY\CACHEPREFIX|56006900730069007400650064003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F90100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\MSIMGSIZECacheMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x1594_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x12e4_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_FILEMAPSWITCH_MUTEX_4936
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_ConnHashTable<4936>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_274
distribution:1
category:Artifacts dropped
type:mutex
value:Local\MSIMGSIZECacheMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_1348_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:\Sessions\1\BaseNamedObjects\IsoScope_1348_IESQMMUTEX_0_274
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\FLAGS|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\COUNT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TIME|E307080006001F0002001B0000007D00
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\BLOCKED|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\FLAGS|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\COUNT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TIME|E307080006001F0002001B0000007D00
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\BLOCKED|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TYPE|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\FLAGS|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\COUNT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TIME|E307080006001F0002001B0000007D00
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\BLOCKED|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMAINSUGGESTION\FILENAMES\EN-US|65006E002D00550053002E0031000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMAINSUGGESTION\NEXTUPDATEDATE|A8B95410
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBARTEXT|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBAROKTEXT|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBARCANCELTEXT|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPMSNINTERVALINDAYS|14000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPRESTOREBARLIMIT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPONLINEPORTALVER|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEXTNTPCONFIGUPDATEDATE|71775510
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DISCARDABLE\POSTSETUP\COMPONENT CATEGORIES\{00021493-0000-0000-C000-000000000046}\ENUM\IMPLEMENTING|1C00000001000000E307080006001F00020020000000B50101000000644EA2EF78B0D01189E400C04FC9E26E
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DISCARDABLE\POSTSETUP\COMPONENT CATEGORIES\{00021494-0000-0000-C000-000000000046}\ENUM\IMPLEMENTING|1C00000001000000E307080006001F00020021000000480100000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\SELECTIONLOGICLASTUPDATETIME|5CD174B5A35FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\DEFAULTCONNECTIONSETTINGS|460000000500000009000000000000000000000000000000040000000000000000000000000000000000000000000000000000000100000002000000C0A8F022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONTIME|EC527891A35FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADNETWORKNAME|4E006500740077006F0072006B002000200033000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONREASON|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|EC527891A35FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISION|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|4600000005000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000A00020F000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\HASHFILEVERSIONLOWPART|02000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\HASHFILEVERSIONHIGHPART|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATELOWDATETIME|00D66A94
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATEHIGHDATETIME|D55FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPDAYSSINCELASTAUTOMIGRATION|15000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPLASTLAUNCHLOWDATETIME|F0ADB202
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPLASTLAUNCHHIGHDATETIME|A35FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPMIGRATIONVER|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\BROWSEREMULATION\UNATTENDLOADED|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\BROWSEREMULATION\TLDUPDATES|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT\CACHEPREFIX|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES\CACHEPREFIX|43006F006F006B00690065003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY\CACHEPREFIX|56006900730069007400650064003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\OPERATIONALDATA|0400000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\FIRSTCHECKFORUPDATELOWDATETIME|E47F8B9E
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\FIRSTCHECKFORUPDATEHIGHDATETIME|EF5FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATELOWDATETIME|64C5B514
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATEHIGHDATETIME|A35FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\COMPATIBILITYFLAGS|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\SECURITYSAFE|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\@IEFRAME.DLL,-12512|420069006E0067000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\RECOVERY\ADMINACTIVE\{4028773D-CB96-11E9-A10A-0A00272257C6}|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOWSSEARCH\VERSION|5700530020006E006F0074002000720075006E006E0069006E0067000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\SECURITYSAFE|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SITEMODE\SHOWTABSBELOWADDRESSBAR|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MINIE\SHOWTABSBELOWADDRESSBAR|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\SEARCHBANDRESTOREBARCOUNT|03000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\SEARCHBANDMIGRATIONVERSION|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FULLSCREEN|6E006F000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\RECOVERY\PENDINGRECOVERY\ADMINACTIVE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SETUP\URLHISTORYMIGRATIONTIME|181957AAA55FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\FIRSTRUNCOMPLETE|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SUGGESTED SITES\DATASTREAMENABLEDSTATE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SUGGESTED SITES\MIGRATIONTIME|DEE97580A65FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE|68007400740070003A002F002F0067006F002E006D006900630072006F0073006F00660074002E0063006F006D002F00660077006C0069006E006B002F0070002F003F004C0069006E006B00490064003D003200350035003100340031000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE_TIMESTAMP|0E1D26A4A65FD501
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\SYNCHOMEPAGE PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY|
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DHP\BACKUPHOMEPAGE|0100000033000000AC2FD002D7CB17A3BC3408235ECAFF805384F2875C1A35D449D995C523D3711B9A6E1006C8639605608FB0B4A498C3ACC9766F020000000E000000547671776C7A5758446459253364
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DHP\CHANGENOTICE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\BACKUPDEFAULTSEARCHSCOPE|0000000024010000CA7DAA7E64CDEE46BC0A180247CF007CCB0D9A12CBADBFE3F5B9BF83D5D1CEBABED4B1A561E8A779ED5913321A0104530417651E29B1C3C42E4F4BC0D8304AAEEC58BFFB067CEC5F613EFE5A64749396FA5DE02FBEFDF6BE050AE3FF7C20FE3D84291AE05C2977842AD7D5D552C8A24A77011A0AC032F31DB2090AA1B1403685AF670055448F99DFB4458EC3A79D32EDCE21599359F18E14B86EC05E9B326B5DF23227B5ED4D02AFFCA84589CF9344FF56DFB634C1D8989AF4585EB33395932FD5AAB73CA205C2D833213D9D954AE6A1B059200C0789AADC27E7DE8DC40821D667F02E62CF569EE4E4CE50A06E63653D1DB1BDEBF4A26A38623B8656FB2D03906F2287FFC8E01C83A9D057CF017C8A3FBC05E32AC4C430CB9D73CE4468A3C2035161814A010000000E0000007A4842355A785074664D512533640200000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977|01000000D08C9DDF0115D1118C7A00C04FC297EB010000001EF045C5227FF545B0D3205DAAA52A5F00000000020000000000106600000001000020000000ECE9360519D5B438595A650615EFD18400D7EB80397A05FF71E396BFF6197051000000000E8000000002000020000000CEA936C7780EB873BB337469613D30CF89DFA4B86907E90C97F67317EE0C8B2B500000004D71C770A70219C4CE69EACB6E6ABB139DAA8C5A41655D40C2151508A4DA3EB9C05292ABF4B989D6EC880286D9760E05EC32575BD3298F06D635315C929566F186E72789C88F76D58A9ACC24D78C2DE140000000114AB95C72AD285CFF6786905A65BD7F080649C316196A46CF5460C545B2866B389E7E9354169A2366113CC638200412F31933D47E6806401F5A80EA22613721
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\DEFAULTSCOPE|7B00300036003300330045004500390033002D0044003700370036002D0034003700320066002D0041003000460046002D004500310034003100360042003800420032004500330041007D000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\CHANGENOTICE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81|01000000D08C9DDF0115D1118C7A00C04FC297EB010000001EF045C5227FF545B0D3205DAAA52A5F00000000020000000000106600000001000020000000502E9916240861C5D4BE8DBCBCBCFE2D8A092354E29628F7CAD35892EACD41FA000000000E8000000002000020000000E09740EC9FB4FCA7743C375298FDE26F6B4FC4DF581B44C23A2FCA3829B17B9110000000954A224CCAC578A98FF95B13669F5A4F4000000059888BB818C9DF415B4664B3EFB765F8A93E598DE00064EF0D5CAAE3CFB391F2682BE38A7DCD066E52780E9B814FC706F886325E7819FD977B51691EAF21EB6E
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\IsoScope_15b0_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x1594_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x12e4_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_FILEMAPSWITCH_MUTEX_4936
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_ConnHashTable<4936>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_274
distribution:1
category:Artifacts dropped
type:mutex
value:Local\MSIMGSIZECacheMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\URLBLOCK_FILEMAPSWITCH_MUTEX_5552
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Global\KFIFavorites
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\IsoScope_15b0_IE_EarlyTabStart_0x15ac_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\IsoScope_15b0_ConnHashTable<5552>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\HistoryUpgradeExecuting
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\EUPPSYNCLOCK
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\@\"%WINDIR%\SYSTEM32\IE4UINIT.EXE,-732|460069006E0064007300200061006E006400200064006900730070006C00610079007300200069006E0066006F0072006D006100740069006F006E00200061006E006400200057006500620020007300690074006500730020006F006E002000740068006500200049006E007400650072006E00650074002E000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SETUP\HAVECREATEDQUICKLAUNCHITEMS|01000000
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x1594_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x12e4_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_FILEMAPSWITCH_MUTEX_4936
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_ConnHashTable<4936>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_274
distribution:1
category:Artifacts dropped
type:mutex
value:Local\MSIMGSIZECacheMutex
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\CF\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|03000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B814000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE04000000010000001000000096C25031BC0DC35CFBA723731E1B41400F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A12190000000100000010000000CE63BDC595635C1C37B040B4E554BF565C00000001000000040000000008000018000000010000001000000021D008B47B7A2A81C8435903DED424C92000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|460000000600000009000000000000000000000000000000040000000000000000000000000000000000000000000000000000000100000002000000C0A8F022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT\CACHEPREFIX|0000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES\CACHEPREFIX|43006F006F006B00690065003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY\CACHEPREFIX|56006900730069007400650064003A000000
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|03000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B814000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE04000000010000001000000096C25031BC0DC35CFBA723731E1B41400F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A12190000000100000010000000CE63BDC595635C1C37B040B4E554BF565C00000001000000040000000008000018000000010000001000000021D008B47B7A2A81C8435903DED424C92000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|14000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE18000000010000001000000021D008B47B7A2A81C8435903DED424C95C000000010000000400000000080000190000000100000010000000CE63BDC595635C1C37B040B4E554BF560F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A1204000000010000001000000096C25031BC0DC35CFBA723731E1B414003000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B82000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|04000000010000001000000096C25031BC0DC35CFBA723731E1B414003000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B80F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A12190000000100000010000000CE63BDC595635C1C37B040B4E554BF565C00000001000000040000000008000018000000010000001000000021D008B47B7A2A81C8435903DED424C914000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE2000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|0F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A1214000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE18000000010000001000000021D008B47B7A2A81C8435903DED424C95C000000010000000400000000080000190000000100000010000000CE63BDC595635C1C37B040B4E554BF5603000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B804000000010000001000000096C25031BC0DC35CFBA723731E1B41402000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|190000000100000010000000CE63BDC595635C1C37B040B4E554BF5604000000010000001000000096C25031BC0DC35CFBA723731E1B414003000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B85C00000001000000040000000008000018000000010000001000000021D008B47B7A2A81C8435903DED424C914000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE0F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A122000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|5C0000000100000004000000000800000F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A1214000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE18000000010000001000000021D008B47B7A2A81C8435903DED424C903000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B804000000010000001000000096C25031BC0DC35CFBA723731E1B4140190000000100000010000000CE63BDC595635C1C37B040B4E554BF562000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Persistence mechanism
type:regkey|value
value:HKU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8\BLOB|18000000010000001000000021D008B47B7A2A81C8435903DED424C9190000000100000010000000CE63BDC595635C1C37B040B4E554BF5604000000010000001000000096C25031BC0DC35CFBA723731E1B414003000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B814000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE0F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A125C0000000100000004000000000800002000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\IsoScope_15b0_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\MSCTF.Asm.MutexDefault0
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\IsoScope_15b0_IESQMMUTEX_0_274
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpproc1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\wmpinst1998
distribution:1
category:Artifacts dropped
type:mutex
value:Global\acrobat198
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_519
distribution:1
category:Artifacts dropped
type:mutex
value:{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_303
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_331
distribution:1
category:Artifacts dropped
type:mutex
value:{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution:1
category:Artifacts dropped
type:mutex
value:UpdatingNewTabPageData
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesLockedCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x1594_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\ZonesCacheCounterMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_DOWNLOAD_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IE_EarlyTabStart_0x12e4_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\!BrowserEmulation!SharedMemory!Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_FILEMAPSWITCH_MUTEX_4936
distribution:1
category:Artifacts dropped
type:mutex
value:Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_ConnHashTable<4936>_HashTable_Mutex
distribution:1
category:Artifacts dropped
type:mutex
value:IsoScope_1348_IESQMMUTEX_0_274
distribution:1
category:Artifacts dropped
type:mutex
value:Local\MSIMGSIZECacheMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\VERMGMTBlockListFileMutex
distribution:1
category:Artifacts dropped
type:mutex
value:\BaseNamedObjects\Local\MSIMGSIZECacheMutex
distribution:1

เกี่ยวกับ VirSCAN | ข้อตกลงด้านความเป็นส่วนตัว | ติดต่อเรา | ลิงค์ที่เป็นมิตร | ช่วยเหลือ VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号