VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload them.

cf9455d8ff57251b8feb191bc1024965    Hybrid analysis report

Basic Information

file name: cf9455d8ff57251b8feb191bc1024965
file size: 44028
file type: PE32 executable (GUI) Intel 80386, for MS Windows
Submission time: 2019-09-07 07:20:31
MD5: cf9455d8ff57251b8feb191bc1024965
sha1: 8710d40f86bb5ca964952a96b625db9cf91e8ccc
sha256: 3e7fd248aa6b5fd3934cb8e455561af2e3c7c7cfe8d61ad41519678dccb4e32e
enviorment_description: Windows 7 32 bit (HWP Support)
total_processes: 0
total_signatures: 0
file_analysis: 0
mitre_attcks: 0

Document analysis report

uuid: java:java.util.UUID
xmlns: http://www.misp-project.org/
Event
id: 3e476a93-5257-43b1-9e79-86643e788350
date: 2019-09-06
info: Falcon Sandbox auto-generated for "3e7fd248aa6b5fd3934cb8e455561af2e3c7c7cfe8d61ad41519678dccb4e32e"
analysis: 2
distribution: 1
published: 1
Attribute
category: External analysis
type: link
value: https://www.hybrid-analysis.com/search?query=3e7fd248aa6b5fd3934cb8e455561af2e3c7c7cfe8d61ad41519678dccb4e32e
distribution: 1
category: External analysis
type: comment
value: Falcon Sandbox v8.30 Copyright 2019 Hybrid Analysis GmbH, All Rights Reserved, www.payload-security.com
distribution: 1
category: Payload delivery
type: filename|md5
value: 3e7fd248aa6b5fd3934cb8e455561af2e3c7c7cfe8d61ad41519678dccb4e32e|cf9455d8ff57251b8feb191bc1024965
distribution: 1
category: Payload delivery
type: filename|sha1
value: 3e7fd248aa6b5fd3934cb8e455561af2e3c7c7cfe8d61ad41519678dccb4e32e|8710d40f86bb5ca964952a96b625db9cf91e8ccc
distribution: 1
category: Payload delivery
type: filename|sha256
value: 3e7fd248aa6b5fd3934cb8e455561af2e3c7c7cfe8d61ad41519678dccb4e32e|3e7fd248aa6b5fd3934cb8e455561af2e3c7c7cfe8d61ad41519678dccb4e32e
distribution: 1
category: Payload delivery
type: filename|sha512
value: 3e7fd248aa6b5fd3934cb8e455561af2e3c7c7cfe8d61ad41519678dccb4e32e|23cec1d115ecef1fdb9d9958358833dae2018e76a15839124c1bff1b661ef40d82d5d9a60a6274bd8ac19625454fba19bc0b65fd4ec4c85bf000a97bdcb543f3
distribution: 1
category: Network activity
type: user-agent
value: iexplorer
distribution: 1
category: Network activity
type: user-agent
value: Microsoft-CryptoAPI/6.1
distribution: 1
category: Artifacts dropped
type: yara
value: iexplorer/c ping 127.0.0.1 & del /q%d_of_%d_for_%s_on_%s
distribution: 1