VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.

cf8bff1270808d7bf9d53936f169f895    Hybrid analysis report

Basic Information

file name: cf8bff1270808d7bf9d53936f169f895
file size: 52628
file type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Submission time: 2019-09-07 07:20:45
MD5: cf8bff1270808d7bf9d53936f169f895
sha1: 4dc0fa228a0bc33ea812718e34355de08c18c86c
sha256: 7fd5518fe9e85149bcef113b7b25d78cb7bc9f2a6fd03b941bbc1564c1d83dde
enviorment_description: Windows 7 32 bit (HWP Support)
total_processes: 0
total_signatures: 0
file_analysis: 0
mitre_attcks: 0

Document analysis report

uuid: java:java.util.UUID
xmlns: http://www.misp-project.org/
Event
id: f7955bdd-5978-4608-85e5-83a5d86bc99b
date: 2019-09-06
info: Falcon Sandbox auto-generated for "7fd5518fe9e85149bcef113b7b25d78cb7bc9f2a6fd03b941bbc1564c1d83dde"
analysis: 2
distribution: 1
published: 1
Attribute
category: External analysis
type: link
value: https://www.hybrid-analysis.com/search?query=7fd5518fe9e85149bcef113b7b25d78cb7bc9f2a6fd03b941bbc1564c1d83dde
distribution: 1
category: External analysis
type: comment
value: Falcon Sandbox v8.30 Copyright 2019 Hybrid Analysis GmbH, All Rights Reserved, www.payload-security.com
distribution: 1
category: Payload delivery
type: filename|md5
value: 7fd5518fe9e85149bcef113b7b25d78cb7bc9f2a6fd03b941bbc1564c1d83dde|cf8bff1270808d7bf9d53936f169f895
distribution: 1
category: Payload delivery
type: filename|sha1
value: 7fd5518fe9e85149bcef113b7b25d78cb7bc9f2a6fd03b941bbc1564c1d83dde|4dc0fa228a0bc33ea812718e34355de08c18c86c
distribution: 1
category: Payload delivery
type: filename|sha256
value: 7fd5518fe9e85149bcef113b7b25d78cb7bc9f2a6fd03b941bbc1564c1d83dde|7fd5518fe9e85149bcef113b7b25d78cb7bc9f2a6fd03b941bbc1564c1d83dde
distribution: 1
category: Payload delivery
type: filename|sha512
value: 7fd5518fe9e85149bcef113b7b25d78cb7bc9f2a6fd03b941bbc1564c1d83dde|c34d476c24126e6ff286ef2db1dedb188ca931936d87e575e6333aad58ba779b232c4b263c8de4905c9d09e58b777eff84f84b33bbc8c67780382a5b15974a04
distribution: 1
category: Network activity
type: user-agent
value: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
distribution: 1
category: Network activity
type: user-agent
value: Microsoft-CryptoAPI/6.1
distribution: 1
category: Network activity
type: domain
value: danlod.20temp.com
distribution: 1
category: Network activity
type: domain|ip
value: farsi.khamenei.ir|130.185.75.67
distribution: 1
category: Network activity
type: domain|ip
value: mihantheme.com|178.128.128.87
distribution: 1
category: Network activity
type: domain|ip
value: ocsp.pki.goog|172.217.164.163
distribution: 1
category: Network activity
type: domain|ip
value: s1.picofile.com|185.49.85.182
distribution: 1
category: Network activity
type: domain|ip
value: static.mihanblog.com|5.144.133.146
distribution: 1
category: Network activity
type: domain
value: theme.mihantheme.com
distribution: 1
category: Network activity
type: domain
value: www.ammariyon.ir
distribution: 1
category: Network activity
type: domain|ip
value: www.webgozar.ir|209.160.40.232
distribution: 1
distribution: 1
category: Payload installation
type: filename|md5
value: %APPDATA%\Microsoft\Windows\Cookies\O615GC80.txt|b80a2589c1fc20ceaf348593d69050bd
distribution: 1
category: Payload installation
type: filename|sha1
value: %APPDATA%\Microsoft\Windows\Cookies\O615GC80.txt|bcca53d2692d762d99fe0d4776c7d73a0e4312c3
distribution: 1
category: Payload installation
type: filename|sha256
value: %APPDATA%\Microsoft\Windows\Cookies\O615GC80.txt|46cee3cd7995bd29f1b23e9e702909a73061bd7aa303c7fbca3ce6910b771909
distribution: 1
category: Payload installation
type: filename|sha512
value: %APPDATA%\Microsoft\Windows\Cookies\O615GC80.txt|65d9ef89fc2bdb5c9bf9f1827654df9542cb2b0b845d897e92c2f4519f767a22f080a4235ca1c62fc933576025d291d11b64501ad40f50d2d4a7fab8deecf6d0
distribution: 1
category: Payload installation
type: filename|md5
value: %LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|feec8d07f81d1a4c0d7a8aba5405a251
distribution: 1
category: Payload installation
type: filename|sha1
value: %LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|57e0c10f01de2d9f7f9cc405284fa4affb192b9a
distribution: 1
category: Payload installation
type: filename|sha256
value: %LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|a6c6666a620f67bfbfaaa71dfc0a9229af320c38a0dfcad08a248a27b69a744c
distribution: 1
category: Payload installation
type: filename|sha512
value: %LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B|1a9f92ec1f84f88eea647a1146f4859cd3afb890f27fb43937184fc52dc85f1bad1b0f8df30142324bee7ef85808417ba1e35ab9db5a09a0a6a845416b1cd588
distribution: 1
category: Payload installation
type: filename|md5
value: %APPDATA%\Microsoft\Windows\Cookies\ACNOILP0.txt|03351e4f631d02c20d51a724ffd22e69
distribution: 1
category: Payload installation
type: filename|sha1
value: %APPDATA%\Microsoft\Windows\Cookies\ACNOILP0.txt|512c0f28defadd0f1756bb57dc9bbdb05676ea3c
distribution: 1
category: Payload installation
type: filename|sha256
value: %APPDATA%\Microsoft\Windows\Cookies\ACNOILP0.txt|46e4e5e0ff8b5e33b7abbf7354f3c96cbb8aa47a8d705f636b4402b7989f489d
distribution: 1
category: Payload installation
type: filename|sha512
value: %APPDATA%\Microsoft\Windows\Cookies\ACNOILP0.txt|f493ba7ee897731e759e10981f397a59bb139878857fedefaef75d60f602215c23d4a211cb380f3928d615780889d3e386fe9aa9534c11c9044da89aeb866d28
distribution: 1
category: Payload installation
type: filename|md5
value: 744067_1_.jpg|842ae0f1c5cfff793f4dbdb3cfce776b
distribution: 1
category: Payload installation
type: filename|sha1
value: 744067_1_.jpg|4ab7138f127e71988126cf5b9cb448e2fe9d3a89
distribution: 1
category: Payload installation
type: filename|sha256
value: 744067_1_.jpg|54fd94b02331c96f643edbc90f2662f4c3d84e08c803b25b411e6821bf0873db
distribution: 1
category: Payload installation
type: filename|sha512
value: 744067_1_.jpg|9a9a755146abed51c46773e1d345be79b1f67f0afd04059f8b308b20a6f28401ae792b3f1def8048e8640a248a8e2edd1e1173e8b95fa78c1c3b5398c37dc44d
distribution: 1
category: Payload installation
type: filename|md5
value: %LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_4FB6EE64447CEAFCDB97F51E7957569C|183ee5f6b67575436f20490d52652299
distribution: 1
category: Payload installation
type: filename|sha1
value: %LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_4FB6EE64447CEAFCDB97F51E7957569C|5221ff355a5716f8457f398d1008cb94d3935d58
distribution: 1
category: Payload installation
type: filename|sha256
value: %LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_4FB6EE64447CEAFCDB97F51E7957569C|e82ea68399962ee0f45b776693573fd2194e34ca145ee02509f3b8b62ef7f079
distribution: 1
category: Payload installation
type: filename|sha512
value: %LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_4FB6EE64447CEAFCDB97F51E7957569C|4d51a72bf4a01582f00450c6e90f723481e770f533bd2b7d37b62a12dacb307a594f29e014b103c0d62c77342b4abb21c0a2b7b0b7d5ac93d0092a8eb4b9d83f
distribution: 1
category: Payload installation
type: filename|md5
value: photo_gallery_1_.js|a5122fcb7d4e49ffe6836c7e1350851b
distribution: 1
category: Payload installation
type: filename|sha1
value: photo_gallery_1_.js|00e2d1117d68bc8180271b49e5cdfd106b51eba5
distribution: 1
category: Payload installation
type: filename|sha256
value: photo_gallery_1_.js|106b42ec9affb49d51c747c66c0467ab99a6670a6455048bac385153869c197c
distribution: 1
category: Payload installation
type: filename|sha512
value: photo_gallery_1_.js|27151965950c7bc3dc96863b92219622cc292544384b39ef9988651390dbfeb5d687e26f8812b3862b901441647034d0746eefa98317e0a2955c2509302ed594
distribution: 1
category: Payload installation
type: filename|md5
value: %LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|60db8534d3408a405fac5ac67798a3d5
distribution: 1
category: Payload installation
type: filename|sha1
value: %LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|1d460ff8548573253a96688cc442fd2e5b6d51bc
distribution: 1
category: Payload installation
type: filename|sha256
value: %LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|716fdd5db6e2eb32fa98d587e7956b70bc077c7450bc64ebfc54b6ffeedd9ebd
distribution: 1
category: Payload installation
type: filename|sha512
value: %LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203|76d09679e3a2206f09ba519cbf307a6884092dddc98fbf7151bd5f9f8ffed280f2cae73ae382c8acc5aee3c64eccb5a0caf281d6d1e622a471ef7caa882c60b6
distribution: 1
category: Payload installation
type: filename|md5
value: %APPDATA%\Microsoft\Windows\Cookies\OU3OLNJC.txt|049d3835f1e45a4df9ed70d0fc4fb124
distribution: 1
category: Payload installation
type: filename|sha1
value: %APPDATA%\Microsoft\Windows\Cookies\OU3OLNJC.txt|a9bb2b8911a4c7dae737b6898cfcf1595490214d
distribution: 1
category: Payload installation
type: filename|sha256
value: %APPDATA%\Microsoft\Windows\Cookies\OU3OLNJC.txt|edce6e778c8d2eada7e47f0904fc957b441d87c6f340b8ad23cce14236d36a24
distribution: 1
category: Payload installation
type: filename|sha512
value: %APPDATA%\Microsoft\Windows\Cookies\OU3OLNJC.txt|bfcce870150036021bce57e1d75146ea2214ba81363dd2709a0f8c6da7997279206b94b8ce45ce0830236a726507f5ab2226cfe37b8353e60740a2a8e323ae0d
distribution: 1
category: Network activity
type: ip-dst
value: 23.38.140.89
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONREASON|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONTIME|DC36D93DF964D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISION|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADNETWORKNAME|4E006500740077006F0072006B002000200033000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONREASON|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|DC36D93DF964D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISION|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONREASON|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONTIME|7C5CFF3DF964D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISION|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADNETWORKNAME|4E006500740077006F0072006B002000200033000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONREASON|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|7C5CFF3DF964D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISION|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DISCARDABLE\POSTSETUP\COMPONENT CATEGORIES\{00021493-0000-0000-C000-000000000046}\ENUM\IMPLEMENTING|1C00000001000000E307090005000600150016003500370201000000644EA2EF78B0D01189E400C04FC9E26E
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DISCARDABLE\POSTSETUP\COMPONENT CATEGORIES\{00021494-0000-0000-C000-000000000046}\ENUM\IMPLEMENTING|1C00000001000000E3070900050006001500160035009E0300000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTUPDATELOWDATETIME|480CCD58
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTUPDATEHIGHDATETIME|F964D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTCHECKFORUPDATELOWDATETIME|480CCD58
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTCHECKFORUPDATEHIGHDATETIME|F964D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEWTABPAGE\DECAYDATEQUEUE|
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEWTABPAGE\LASTPROCESSED|E0D03E000B65D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMAINSUGGESTION\FILENAMES\EN-US|65006E002D00550053002E0032000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMAINSUGGESTION\NEXTUPDATEDATE|4CA35D10
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBARTEXT|0000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBAROKTEXT|0000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPGOLDBARCANCELTEXT|0000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPMSNINTERVALINDAYS|14000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPRESTOREBARLIMIT|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPONLINEPORTALVER|03000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NEXTNTPCONFIGUPDATEDATE|8D615E10
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F20100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F0D2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONREASON|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|22FAFC3DF964D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISION|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDETECTEDURL|0000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\LOCAL SETTINGS\MUICACHE\100\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\HASHFILEVERSIONLOWPART|02000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\HASHFILEVERSIONHIGHPART|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATELOWDATETIME|02B943A3
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATEHIGHDATETIME|2B65D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TYPE|03000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\COUNT|73020000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TIME|E3070900050006001500160032005602
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TYPE|03000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\COUNT|71020000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TIME|E3070900050006001500160032008502
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TYPE|03000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\COUNT|73020000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TIME|E307090005000600150016003300DF00
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TYPE|03000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\COUNT|74020000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\TIME|E307090005000600150017002900E901
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TYPE|03000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\COUNT|72020000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\TIME|E307090005000600150017002900E901
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TYPE|03000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\COUNT|74020000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\TIME|E3070900050006001500170029000802
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|DC36D93DF964D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDETECTEDURL|0000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPDAYSSINCELASTAUTOMIGRATION|1B000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPLASTLAUNCHLOWDATETIME|B0AB393A
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPLASTLAUNCHHIGHDATETIME|F964D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING\NTPMIGRATIONVER|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATELOWDATETIME|38EC814C
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER\NEXTCHECKFORUPDATEHIGHDATETIME|F964D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT\CACHEPREFIX|0000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES\CACHEPREFIX|43006F006F006B00690065003A000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY\CACHEPREFIX|56006900730069007400650064003A000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\COMPATIBILITYFLAGS|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\SECURITYSAFE|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\RECOVERY\ADMINACTIVE\{77C02A55-D0EC-11E9-AA12-0A0027A7FC70}|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOWSSEARCH\VERSION|5700530020006E006F0074002000720075006E006E0069006E0067000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\SECURITYSAFE|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FULLSCREEN|6E006F000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOW_PLACEMENT|2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000D0020000C7010000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\RECOVERY\PENDINGRECOVERY\ADMINACTIVE|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\LOADTIMEARRAY|240000001F0000000000000001000000000000000800000001000000000000000700000000000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\LOADTIMEARRAY|37020000270000000000000005000000000000001300000005000000000000001100000000000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\LOADTIMEARRAY|1A020000150000000100000002000000010000001900000002000000010000001800000001000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\BACKUPDEFAULTSEARCHSCOPE|
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977|
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EUPP PROTECTED - IT IS A VIOLATION OF WINDOWS POLICY TO MODIFY. SEE AKA.MS/BROWSERPOLICY\DSP\CHANGENOTICE|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\USER PREFERENCES\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81|01000000D08C9DDF0115D1118C7A00C04FC297EB0100000019028C5EB00A5A449D4A9AE0D3162E04000000000200000000001066000000010000200000000A8AF60DB11F667098F7F78CFBA49C85F6FA76DF66B67FB477F2D2680D08C1E6000000000E8000000002000020000000A0E31FD200CBAA285649D040F7F3816014EF2C6065398596E248E5808077627E10000000E473A11EA42F6E25DC2572A747E1E595400000003B63268EDC6D6DBA279093004EFDD1BB2DDF565A60358B2A52943B79DACD8B93AB07E786867776E91DA9B95F992391B762E9CE1F2DCAD9B47839616553A5ED98
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\IEXPLORE\LOADTIMEARRAY|01000000240000001F00000000000000010000000000000008000000010000000000000007000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\IEXPLORE\LOADTIMEARRAY|01000000370200002700000000000000050000000000000013000000050000000000000011000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DBC80044-A445-435B-BC74-9C25C1C588A9}\IEXPLORE\LOADTIMEARRAY|F6F9FFFF1A0200001500000001000000020000000100000019000000020000000100000018000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FULLSCREEN|6E006F000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOW_PLACEMENT|2C00000000000000010000000083FFFF0083FFFFFFFFFFFFFFFFFFFF0000000000000000D0020000C7010000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MINIE\TABBANDWIDTH|F4010000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONREASON|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISIONTIME|22FAFC3DF964D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADDECISION|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\{FD4316C2-FF33-42BF-BE78-39051EB67EC2}\WPADNETWORKNAME|4E006500740077006F0072006B002000200033000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\00-00-5E-00-01-01\WPADDECISIONTIME|22FAFC3DF964D501
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\UpdatingNewTabPageData
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\IsoScope_f9c_IESQMMUTEX_0_519
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_f9c_IESQMMUTEX_0_519
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_f9c_IESQMMUTEX_0_331
distribution: 1
category: Artifacts dropped
type: mutex
value: {5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\URLBLOCK_FILEMAPSWITCH_MUTEX_3996
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\URLBLOCK_DOWNLOAD_MUTEX
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution: 1
category: Artifacts dropped
type: mutex
value: {66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_f9c_IE_EarlyTabStart_0xf78_Mutex
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_f9c_IESQMMUTEX_0_303
distribution: 1
category: Artifacts dropped
type: mutex
value: UpdatingNewTabPageData
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\VERMGMTBlockListFileMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\ZonesLockedCacheCounterMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_f9c_ConnHashTable<3996>_HashTable_Mutex
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\ZonesCacheCounterMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\!BrowserEmulation!SharedMemory!Mutex
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\Local\!BrowserEmulation!SharedMemory!Mutex
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\Local\VERMGMTBlockListFileMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\Local\URLBLOCK_FILEMAPSWITCH_MUTEX_3996
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\Local\URLBLOCK_DOWNLOAD_MUTEX
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\IsoScope_f9c_IE_EarlyTabStart_0xf78_Mutex
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\IsoScope_f9c_ConnHashTable<3996>_HashTable_Mutex
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\IsoScope_f9c_IESQMMUTEX_0_303
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\IsoScope_f9c_IESQMMUTEX_0_331
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTCHECKFORUPDATELOWDATETIME|5EE20359
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER\LASTCHECKFORUPDATEHIGHDATETIME|F964D501
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F30100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F0D2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT\CACHEPREFIX|0000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES\CACHEPREFIX|43006F006F006B00690065003A000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY\CACHEPREFIX|56006900730069007400650064003A000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\SHELL\MUICACHE\LANGID|0904
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\SHELL\MUICACHE\C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE14\WINWORD.EXE|4D006900630072006F0073006F0066007400200057006F00720064000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DEFAULT MHTML EDITOR\LAST|220043003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065005C004F0066006600690063006500310034005C00570049004E0057004F00520044002E00450058004500220020002F006E00200022002500310022000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOWSSEARCH\VERSION|5700530020006E006F0074002000720075006E006E0069006E0067000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\LOCAL SETTINGS\MUICACHE\100\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\LOCAL SETTINGS\MUICACHE\100\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\LOCAL SETTINGS\MUICACHE\100\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\LOCAL SETTINGS\MUICACHE\100\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\LOCAL SETTINGS\MUICACHE\100\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\Local\VERMGMTBlockListFileMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_f9c_IESQMMUTEX_0_519
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_f9c_IESQMMUTEX_0_331
distribution: 1
category: Artifacts dropped
type: mutex
value: {5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\URLBLOCK_FILEMAPSWITCH_MUTEX_3996
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\URLBLOCK_DOWNLOAD_MUTEX
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution: 1
category: Artifacts dropped
type: mutex
value: {66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_f9c_IE_EarlyTabStart_0xf78_Mutex
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_f9c_IESQMMUTEX_0_303
distribution: 1
category: Artifacts dropped
type: mutex
value: UpdatingNewTabPageData
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\VERMGMTBlockListFileMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\ZonesLockedCacheCounterMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_f9c_ConnHashTable<3996>_HashTable_Mutex
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\ZonesCacheCounterMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\!BrowserEmulation!SharedMemory!Mutex
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\MSIMGSIZECacheMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_f9c_IESQMMUTEX_0_274
distribution: 1
category: Artifacts dropped
type: mutex
value: _!SHMSFTHISTORY!_
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: