VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

cf6cb3bb91fed8b56dc986443890c490    Hybrid analysis report

Basic Information

file name: cf6cb3bb91fed8b56dc986443890c490
file size: 1117184
file type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Submission time: 2019-09-07 06:40:08
MD5: cf6cb3bb91fed8b56dc986443890c490
sha1: de451f04635fa4bd29d28e4418af6b3dc239d91c
sha256: 8297ac20e502064e0cd43eb2b23ff5b3c0140e313f58f48599a66d221e9bde5c
enviorment_description: Windows 7 32 bit (HWP Support)
total_processes: 0
total_signatures: 0
file_analysis: 0
mitre_attcks: 0

Document analysis report

uuid: java:java.util.UUID
xmlns: http://www.misp-project.org/
Event
id: df79825f-f9e8-40a0-89f8-edd3c1258b1d
date: 2019-09-06
info: Falcon Sandbox auto-generated for "8297ac20e502064e0cd43eb2b23ff5b3c0140e313f58f48599a66d221e9bde5c"
analysis: 2
distribution: 1
published: 1
Attribute
category: External analysis
type: link
value: https://www.hybrid-analysis.com/search?query=8297ac20e502064e0cd43eb2b23ff5b3c0140e313f58f48599a66d221e9bde5c
distribution: 1
category: External analysis
type: comment
value: Falcon Sandbox v8.30 Copyright 2019 Hybrid Analysis GmbH, All Rights Reserved, www.payload-security.com
distribution: 1
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\UNCASINTRANET|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT|01000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\PROXYENABLE|00000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS\SAVEDLEGACYSETTINGS|46000000F60100000900000000000000000000000000000004000000000000003071E4E2286CD3010000000000000000000000000100000002000000C0A8F0D2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT\CACHEPREFIX|0000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES\CACHEPREFIX|43006F006F006B00690065003A000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY\CACHEPREFIX|56006900730069007400650064003A000000
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\!BrowserEmulation!SharedMemory!Mutex
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\URLBLOCK_DOWNLOAD_MUTEX
distribution: 1
category: Artifacts dropped
type: mutex
value: UpdatingNewTabPageData
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_11c_IESQMMUTEX_0_331
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_11c_IESQMMUTEX_0_303
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_11c_IE_EarlyTabStart_0x918_Mutex
distribution: 1
category: Artifacts dropped
type: mutex
value: {5312EE61-79E3-4A24-BFE1-132B85B23C3A}
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\URLBLOCK_HASHFILESWITCH_MUTEX
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\ZonesLockedCacheCounterMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: {66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\URLBLOCK_FILEMAPSWITCH_MUTEX_284
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\ZonesCacheCounterMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: Local\VERMGMTBlockListFileMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_11c_ConnHashTable<284>_HashTable_Mutex
distribution: 1
category: Artifacts dropped
type: mutex
value: IsoScope_11c_IESQMMUTEX_0_274
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex
distribution: 1
category: Artifacts dropped
type: mutex
value: \Sessions\1\BaseNamedObjects\IsoScope_11c_IESQMMUTEX_0_274
distribution: 1