File: 1c9f594ac8e6b81a701ff3657a1db1228051be40ee98fe4758d485bdbb7dcff9

Metadata
File name:jmc.php
File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
File size:53682 bytes
Analysis date:2016-10-17 07:18:14
MD5:bfefb161c111c8f8d8247db1281ab0de
SHA1:0f1732336d4ab756ebc2d9b6ecfd2a302848d015
SHA256:1c9f594ac8e6b81a701ff3657a1db1228051be40ee98fe4758d485bdbb7dcff9
SHA512:630991a49890da4862210d98b76a2799e6797d118fdb2de69581d0806e2bf248933cf73a35218dfa681945d01ab4e19a920c01c8f3d044e001abefdc14390ed1
SSDEEP:1536:3w4fpS/nScizHM74N0DIDidckpzFrNHznb5:3w4gnScG4DI2dckpz5NHzV
IMPHASH:b78ecf47c0a3e24a6f4af114e2d1f5de
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 1c9f594ac8e6b81a701ff3657a1db1228051be40ee98fe4758d485bdbb7dcff9.
Loading...
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
altocloudmedia.com/tunnel/netstream.exeNSIS_Inetc (Mozilla)
install.bhuygv.com/download/APSnapdoAMRevNSIS_Inetc (Mozilla)
50.3.75.201:5450/2.exeNSIS_Inetc (Mozilla)
92.240.238.39/pixel/s2s.php?adv=NetworkManager&shortname=NetworkManager&campaign={19910}&key=M3RedSeSKv75YQ5FN3374TWtq9Rurekz&time=1476694747ace4956e-736e-11e6-9584-d7165ca591df
50.3.75.201:5450/3.exeNSIS_Inetc (Mozilla)
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\jmc.php
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_CLASSES_ROOT\Directory
HKEY_CLASSES_ROOT\Directory\CurVer
HKEY_CLASSES_ROOT\Directory\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Directory\\Clsid
HKEY_CLASSES_ROOT\Folder
HKEY_CLASSES_ROOT\Folder\Clsid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Control Panel\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\System\Setup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092220140929
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092920140930
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AUTOPROXY_CACHE_ANAME_KB921400
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CHUNK_TIMEOUT_KB914453
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CERT_TRUST_VERIFIED_KB936882
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Environment
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Volatile Environment
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Ranges\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_URLHOSTNAME
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\50.3.75.201
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\50.3.75.201
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/octet-stream
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\dgldsk.exe
HKEY_CLASSES_ROOT\interface\{F935DC25-1CF0-11D0-ADB9-00C04FD58A0B}
HKEY_CURRENT_USER\Software\ESET
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMProtector
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
HKEY_CURRENT_USER\Software\Borland\Locales
HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServerX86
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandlerX86
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServerX86
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandlerX86
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer
\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServerX86
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandlerX86
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer
\REGISTRY\MACHINE
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\FWCFG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Gemplus GemSAFE Card CSP v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Infineon SICRYPT Base Smart Card CSP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft DH SChannel Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced Cryptographic Provider v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Exchange Cryptographic Provider v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft RSA SChannel Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Schlumberger Cryptographic Service Provider
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}
CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\TreatAs
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\InprocServer32
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\InprocServerX86
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\LocalServer32
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\InprocHandler32
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\InprocHandlerX86
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}
HKEY_CLASSES_ROOT\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\TreatAs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig\
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig\\Enroll\HcsGroups
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig\\Enroll\HcsGroups\
CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}
CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\TreatAs
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\InprocServer32
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\InprocServerX86
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\LocalServer32
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\InprocHandler32
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\InprocHandlerX86
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}
HKEY_CLASSES_ROOT\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\TreatAs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Shas
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs\79617
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs\79618
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs\79619
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs\79620
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs\79621
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs\79623
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig\\Qecs\79617
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig\\Qecs\79618
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig\\Qecs\79619
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig\\Qecs\79620
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig\\Qecs\79621
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig\\Qecs\79623
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig\\UI
HKEY_CLASSES_ROOT\AppID\netsh.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\Software\Microsoft\HCS
HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServerX86
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandlerX86
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServerX86
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandlerX86
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
Comments
User comments about 1c9f594ac8e6b81a701ff3657a1db1228051be40ee98fe4758d485bdbb7dcff9.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.