File: 3d226b842f657ba6a346ae4226776927de76d028fb0ccd4edbd36314c758be9c

Metadata
File name: linux-lady_0DE8BCA756744F7F2BDB732E3267C3F4
File type: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
File size: 6759424 bytes
Analysis date: 2017-07-07 01:42:52
MD5: 0de8bca756744f7f2bdb732e3267c3f4
SHA1: bf2e0b261feddfdd8128486610393ba69d83f580
SHA256: 3d226b842f657ba6a346ae4226776927de76d028fb0ccd4edbd36314c758be9c
SHA512: e1047464e47b70a8791636d648de669fc302dda98f9f677b0538514ea770ea194036ebd7d1979dbc24b1ecd5a4c62ce6cbec16bf8a2d053c012a3a98fcddbde0
SSDEEP: 49152:yw3tZciQWKuFQNTBJppRyyQpVGtgy4IWpSPe75h1hsecgFpWU3vOIuFjMNfd/Tk:y8tZBQ7rlAwgy4Iv2zWev64H
IMPHASH: N/A
Authentihash: N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 3d226b842f657ba6a346ae4226776927de76d028fb0ccd4edbd36314c758be9c.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files
HKEY_CLASSES_ROOT\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InProcServer32
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}
CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\TreatAs
\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}
\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32
\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServerX86
\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\LocalServer32
\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocHandler32
\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocHandlerX86
\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}
HKEY_CLASSES_ROOT\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{99FD978C-D287-4F50-827F-B2C658EDA8E7}
HKEY_CLASSES_ROOT\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ab5c5600-7e6e-4b06-9197-9ecef74d31cc}\InProcServer32
CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\TreatAs
\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32
\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServerX86
\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\LocalServer32
\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocHandler32
\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocHandlerX86
\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
HKEY_CLASSES_ROOT\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
HKEY_CLASSES_ROOT\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{920e6db1-9907-4370-b3a0-bafc03d81399}\InProcServer32
CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}
CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\TreatAs
\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}
\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32
\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServerX86
\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\LocalServer32
\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocHandler32
\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocHandlerX86
\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}
HKEY_CLASSES_ROOT\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{920E6DB1-9907-4370-B3A0-BAFC03D81399}
HKEY_CLASSES_ROOT\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{16f3dd56-1af5-4347-846d-7c10c4192619}\InProcServer32
CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}
CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\TreatAs
\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}
\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32
\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServerX86
\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\LocalServer32
\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocHandler32
\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocHandlerX86
\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}
HKEY_CLASSES_ROOT\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{16F3DD56-1AF5-4347-846D-7C10C4192619}
HKEY_CLASSES_ROOT\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2916c86e-86a6-43fe-8112-43abe6bf8dcc}\InProcServer32
CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\TreatAs
\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32
\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServerX86
\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\LocalServer32
\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocHandler32
\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocHandlerX86
\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
HKEY_CLASSES_ROOT\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
HKEY_CLASSES_ROOT\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InProcServer32
CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}
CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\TreatAs
\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}
\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InprocServer32
\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InprocServerX86
\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\LocalServer32
\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InprocHandler32
\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InprocHandlerX86
\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}
HKEY_CLASSES_ROOT\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\TreatAs
HKEY_CLASSES_ROOT\\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\\OpenWithList
HKEY_CLASSES_ROOT\\OpenWithList
HKEY_CLASSES_ROOT\Applications
HKEY_CLASSES_ROOT\Applications\accwiz.exe
HKEY_CLASSES_ROOT\Applications\AcroRD32.exe
HKEY_CLASSES_ROOT\Applications\AcroRD32.exe\
HKEY_CLASSES_ROOT\Applications\AcroRD32.exe\\shell
HKEY_CLASSES_ROOT\Applications\AcroRD32.exe\\shell\open
HKEY_CLASSES_ROOT\Applications\AcroRD32.exe\\shell\Read
HKEY_CLASSES_ROOT\Applications\AcroRD32.exe\\shell\Read\command
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CLASSES_ROOT\Applications\ARTGALRY.EXE
HKEY_CLASSES_ROOT\Applications\awdvstub.exe
HKEY_CLASSES_ROOT\Applications\cag.exe
HKEY_CLASSES_ROOT\Applications\CChat.exe
HKEY_CLASSES_ROOT\Applications\cdfview.dll
HKEY_CLASSES_ROOT\Applications\clipbrd.exe
HKEY_CLASSES_ROOT\Applications\CMMGR32.EXE
HKEY_CLASSES_ROOT\Applications\cryptext.dll
HKEY_CLASSES_ROOT\Applications\datainst.exe
HKEY_CLASSES_ROOT\Applications\depends.exe
HKEY_CLASSES_ROOT\Applications\drwatson.exe
HKEY_CLASSES_ROOT\Applications\dsquery.dll
HKEY_CLASSES_ROOT\Applications\EXCEL.EXE
HKEY_CLASSES_ROOT\Applications\EXCEL.EXE\
HKEY_CLASSES_ROOT\Applications\EXCEL.EXE\\shell
HKEY_CLASSES_ROOT\Applications\EXCEL.EXE\\shell\open
HKEY_CLASSES_ROOT\Applications\EXCEL.EXE\\shell\edit
HKEY_CLASSES_ROOT\Applications\EXCEL.EXE\\shell\edit\command
HKEY_CLASSES_ROOT\Applications\explorer.exe
HKEY_CLASSES_ROOT\Applications\faxcover.exe
HKEY_CLASSES_ROOT\Applications\finder.exe
HKEY_CLASSES_ROOT\Applications\fontview.exe
HKEY_CLASSES_ROOT\Applications\fpidcwiz.exe
HKEY_CLASSES_ROOT\Applications\graflink.exe
HKEY_CLASSES_ROOT\Applications\Groove.exe
HKEY_CLASSES_ROOT\Applications\Groove.exe\
HKEY_CLASSES_ROOT\Applications\Groove.exe\\shell
HKEY_CLASSES_ROOT\Applications\Groove.exe\\shell\open
HKEY_CLASSES_ROOT\Applications\Groove.exe\\shell\open\command
HKEY_CLASSES_ROOT\Applications\grpconv.exe
HKEY_CLASSES_ROOT\Applications\helpctr.exe
HKEY_CLASSES_ROOT\Applications\hh.exe
HKEY_CLASSES_ROOT\Applications\HYPERTRM.EXE
HKEY_CLASSES_ROOT\Applications\icwconn1.exe
HKEY_CLASSES_ROOT\Applications\icwconn1.exe\
HKEY_CLASSES_ROOT\Applications\icwconn1.exe\\shell
HKEY_CLASSES_ROOT\Applications\iexplore.exe
HKEY_CLASSES_ROOT\Applications\iexplore.exe\
HKEY_CLASSES_ROOT\Applications\iexplore.exe\\shell
HKEY_CLASSES_ROOT\Applications\iexplore.exe\\shell\open
HKEY_CLASSES_ROOT\Applications\iexplore.exe\\shell\open\command
HKEY_CLASSES_ROOT\Applications\inetcpl.cpl
HKEY_CLASSES_ROOT\Applications\inoculan.exe
HKEY_CLASSES_ROOT\Applications\inoculan.exe\
HKEY_CLASSES_ROOT\Applications\inoculan.exe\\shell
HKEY_CLASSES_ROOT\Applications\ISIGNUP.EXE
HKEY_CLASSES_ROOT\Applications\java.exe
HKEY_CLASSES_ROOT\Applications\java.exe\
HKEY_CLASSES_ROOT\Applications\java.exe\\shell
HKEY_CLASSES_ROOT\Applications\javaw.exe
HKEY_CLASSES_ROOT\Applications\javaw.exe\
HKEY_CLASSES_ROOT\Applications\javaw.exe\\shell
HKEY_CLASSES_ROOT\Applications\kodakprv.EXE
HKEY_CLASSES_ROOT\Applications\MMC.exe
HKEY_CLASSES_ROOT\Applications\mnyimprt.exe
HKEY_CLASSES_ROOT\Applications\mobsync.exe
HKEY_CLASSES_ROOT\Applications\mobsync.exe\
HKEY_CLASSES_ROOT\Applications\mobsync.exe\\shell
HKEY_CLASSES_ROOT\Applications\moviemk.exe
HKEY_CLASSES_ROOT\Applications\moviemk.exe\
HKEY_CLASSES_ROOT\Applications\moviemk.exe\\shell
HKEY_CLASSES_ROOT\Applications\moviemk.exe\\shell\open
HKEY_CLASSES_ROOT\Applications\mplayer.exe
HKEY_CLASSES_ROOT\Applications\mplayer2.exe
HKEY_CLASSES_ROOT\Applications\mplayer2.exe\
HKEY_CLASSES_ROOT\Applications\mplayer2.exe\\shell
HKEY_CLASSES_ROOT\Applications\msconf.dll
HKEY_CLASSES_ROOT\Applications\msdxm.ocx
HKEY_CLASSES_ROOT\Applications\mshta.exe
HKEY_CLASSES_ROOT\Applications\msiexec.exe
HKEY_CLASSES_ROOT\Applications\msimn.exe
HKEY_CLASSES_ROOT\Applications\MSInfo32.exe
HKEY_CLASSES_ROOT\Applications\mspaint.exe
HKEY_CLASSES_ROOT\Applications\mspaint.exe\
HKEY_CLASSES_ROOT\Applications\mspaint.exe\\shell
HKEY_CLASSES_ROOT\Applications\mspaint.exe\\shell\open
HKEY_CLASSES_ROOT\Applications\mspaint.exe\\shell\edit
HKEY_CLASSES_ROOT\Applications\mspaint.exe\\shell\edit\command
HKEY_CLASSES_ROOT\Applications\msrating.dll
HKEY_CLASSES_ROOT\Applications\navwnt.exe
HKEY_CLASSES_ROOT\Applications\navwnt.exe\
HKEY_CLASSES_ROOT\Applications\navwnt.exe\\shell
HKEY_CLASSES_ROOT\Applications\netshell.dll
HKEY_CLASSES_ROOT\Applications\notepad.exe
HKEY_CLASSES_ROOT\Applications\notepad.exe\
HKEY_CLASSES_ROOT\Applications\notepad.exe\\shell
HKEY_CLASSES_ROOT\Applications\notepad.exe\\shell\open
HKEY_CLASSES_ROOT\Applications\notepad.exe\\shell\open\command
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_CLASSES_ROOT\Applications\ntbackup.exe
HKEY_CLASSES_ROOT\Applications\ois.exe
HKEY_CLASSES_ROOT\Applications\ois.exe\
HKEY_CLASSES_ROOT\Applications\ois.exe\\shell
HKEY_CLASSES_ROOT\Applications\ois.exe\\shell\open
HKEY_CLASSES_ROOT\Applications\ois.exe\\shell\open\command
HKEY_CLASSES_ROOT\Applications\oledb32.dll
HKEY_CLASSES_ROOT\Applications\ORGCHART.EXE
HKEY_CLASSES_ROOT\Applications\OSA.EXE
HKEY_CLASSES_ROOT\Applications\Outlook.EXE
HKEY_CLASSES_ROOT\Applications\perfmon.exe
HKEY_CLASSES_ROOT\Applications\python.exe
HKEY_CLASSES_ROOT\Applications\python.exe\
HKEY_CLASSES_ROOT\Applications\python.exe\\shell
HKEY_CLASSES_ROOT\Applications\python.exe\\shell\open
HKEY_CLASSES_ROOT\Applications\python.exe\\shell\open\command
HKEY_CLASSES_ROOT\Applications\pythonw.exe
HKEY_CLASSES_ROOT\Applications\pythonw.exe\
HKEY_CLASSES_ROOT\Applications\pythonw.exe\\shell
HKEY_CLASSES_ROOT\Applications\pythonw.exe\\shell\open
HKEY_CLASSES_ROOT\Applications\pythonw.exe\\shell\open\command
HKEY_CLASSES_ROOT\Applications\rasphone.exe
HKEY_CLASSES_ROOT\Applications\realmon.exe
HKEY_CLASSES_ROOT\Applications\realmon.exe\
HKEY_CLASSES_ROOT\Applications\realmon.exe\\shell
HKEY_CLASSES_ROOT\Applications\regedit.exe
HKEY_CLASSES_ROOT\Applications\rnaui.dll
HKEY_CLASSES_ROOT\Applications\shdocvw.dll
HKEY_CLASSES_ROOT\Applications\shell32.dll
HKEY_CLASSES_ROOT\Applications\shimgvw.dll
HKEY_CLASSES_ROOT\Applications\shimgvw.dll\
HKEY_CLASSES_ROOT\Applications\shimgvw.dll\\shell
HKEY_CLASSES_ROOT\Applications\shimgvw.dll\\shell\open
HKEY_CLASSES_ROOT\Applications\shimgvw.dll\\shell\open\command
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\rundll32.exe
HKEY_CLASSES_ROOT\Applications\shscrap.dll
HKEY_CLASSES_ROOT\Applications\snapview.exe
HKEY_CLASSES_ROOT\Applications\sndvol32.exe
HKEY_CLASSES_ROOT\Applications\sndvol32.exe\
HKEY_CLASSES_ROOT\Applications\sndvol32.exe\\shell
HKEY_CLASSES_ROOT\Applications\themes.exe
HKEY_CLASSES_ROOT\Applications\Ttxmpc97.exe
HKEY_CLASSES_ROOT\Applications\url.dll
HKEY_CLASSES_ROOT\Applications\wab.exe
HKEY_CLASSES_ROOT\Applications\WB32.EXE
HKEY_CLASSES_ROOT\Applications\winhlp32.exe
HKEY_CLASSES_ROOT\Applications\Winword.exe
HKEY_CLASSES_ROOT\Applications\Winword.exe\
HKEY_CLASSES_ROOT\Applications\Winword.exe\\shell
HKEY_CLASSES_ROOT\Applications\Winword.exe\\shell\open
HKEY_CLASSES_ROOT\Applications\Winword.exe\\shell\edit
HKEY_CLASSES_ROOT\Applications\Winword.exe\\shell\edit\command
HKEY_CLASSES_ROOT\Applications\wltmime.exe
HKEY_CLASSES_ROOT\Applications\wmplayer.exe
HKEY_CLASSES_ROOT\Applications\wmplayer.exe\
HKEY_CLASSES_ROOT\Applications\wmplayer.exe\\shell
HKEY_CLASSES_ROOT\Applications\wmplayer.exe\\shell\open
HKEY_CLASSES_ROOT\Applications\wmplayer.exe\\shell\open\command
HKEY_CLASSES_ROOT\Applications\wordpad.exe
HKEY_CLASSES_ROOT\Applications\wordpad.exe\
HKEY_CLASSES_ROOT\Applications\wordpad.exe\\shell
HKEY_CLASSES_ROOT\Applications\wordpad.exe\\shell\open
HKEY_CLASSES_ROOT\Applications\wordpad.exe\\shell\open\command
HKEY_CLASSES_ROOT\Applications\wpnpinst.exe
HKEY_CLASSES_ROOT\Applications\WScript.exe
HKEY_CLASSES_ROOT\Applications\XPSViewer.exe
HKEY_CLASSES_ROOT\Applications\XPSViewer.exe\
HKEY_CLASSES_ROOT\Applications\XPSViewer.exe\\shell
HKEY_CLASSES_ROOT\Applications\zipfldr.dll
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddIn\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\
HKEY_CLASSES_ROOT\Applications\AcroRD32.exe\\
HKEY_LOCAL_MACHINE\Software\classes
HKEY_LOCAL_MACHINE\Software\classes\_auto_file
HKEY_CLASSES_ROOT\Applications\AcroRD32.exe\\\shell
HKEY_LOCAL_MACHINE\Software\classes\_auto_file\shell\Read
HKEY_CLASSES_ROOT\Applications\AcroRD32.exe\\\shell\Read
HKEY_LOCAL_MACHINE\Software\classes\_auto_file\shell\Read\command
HKEY_CLASSES_ROOT\Applications\AcroRD32.exe\\\shell\Read\command
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\rundll32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
HKEY_CLASSES_ROOT\.
HKEY_CLASSES_ROOT\SystemFileAssociations\.
HKEY_CLASSES_ROOT\*
HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Acrobat\9.0\Security
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\ORO
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters
HKEY_LOCAL_MACHINE\System
HKEY_LOCAL_MACHINE\System\Acrobatviewercpp304
HKEY_LOCAL_MACHINE\Software\Adobe
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Installer\Migrated
HKEY_LOCAL_MACHINE\Software\Adobe\Repair\Acrobat Reader\9.0\IOD
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Language\current
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Installer
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1547161642-507921405-839522115-1004\Installer\Products\68AB67CA7DA73301B7449A0400000010
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Installer\Products\68AB67CA7DA73301B7449A0400000010
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA73301B7449A0400000010
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B7449A0400000010\InstallProperties
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\Installer\Migrated
HKEY_CURRENT_USER\Software\Adobe\Acrobat Distiller\9.0\Installer\Migrated
HKEY_CURRENT_USER\Software\Adobe\Acrobat Elements\9.0\Installer\Migrated
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Installer\Migrate
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Language\path
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Language\path
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Language\select
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Language\next
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Language\next
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Language\UseMUI
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\AdobeViewer
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\AVGeneral
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\SDI
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Originals
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\AVPrivate
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Private
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Private
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Hotfix
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Hotfix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\AVGeneral
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\AcroRd32.exe
HKEY_CLASSES_ROOT\Directory
HKEY_CLASSES_ROOT\Directory\CurVer
HKEY_CLASSES_ROOT\Directory\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Directory\\Clsid
HKEY_CLASSES_ROOT\Folder
HKEY_CLASSES_ROOT\Folder\Clsid
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Type 1 Installer\Type 1 Fonts
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\AVConversionToPDF
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\AVConversionToPDF
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\AVConversionFromPDF
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\AVConversionFromPDF
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Language\current
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Intl
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\AVPrivate
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Intl
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\RIF
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\RIF
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Selection
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Selection
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockdown
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockdown\cDefaultExecMenuItems
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockdown\cDefaultLaunchAttachmentPerms
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockdown\cDefaultLaunchURLPerms
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Originals
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\AVDisplay
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\AVDisplay
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_CLASSES_ROOT\AppID\AcroRd32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Workflows
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Workflows
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\SDI
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Annots
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Annots
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\AVAlert
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\AVAlert
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\DiskCabs
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Collab
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Collab
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\AVTracker
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\AVTracker
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\TaskButtons
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\TaskButtons
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\AutoSaveDocs
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\AutoSaveDocs
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\AdobeViewer
HKEY_CURRENT_USER\Software\Adobe\Adobe Synchronizer\9.0
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.1024\AVPrivate
CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}
CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\TreatAs
\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}
\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\InprocServer32
\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\InprocServerX86
\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\LocalServer32
\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\InprocHandler32
\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\InprocHandlerX86
\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\LocalServer
\AppID\{667524BE-9EC0-4196-91C9-C6ED1F7A899D}
HKEY_CLASSES_ROOT\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}
HKEY_CLASSES_ROOT\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Accessibility\Handlers
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_CLASSES_ROOT\TypeLib
HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}
HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1
HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\FLAGS
HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32
HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\HELPDIR
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}
HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\TypeLib
HKEY_CLASSES_ROOT\Interface\{03022430-ABC4-11D0-BDE2-00AA001A1953}
HKEY_CLASSES_ROOT\Interface\{03022430-ABC4-11D0-BDE2-00AA001A1953}\ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{03022430-ABC4-11D0-BDE2-00AA001A1953}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{03022430-ABC4-11D0-BDE2-00AA001A1953}\TypeLib
CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}
CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\TreatAs
\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}
\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocServer32
\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocServerX86
\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\LocalServer32
\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocHandler32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\RememberedViews
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\RememberedViews
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\UsageMeasurement
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\UsageMeasurement
HKEY_CURRENT_USER\Software\Adobe\CommonFiles\Usage\Reader 9
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\General
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\General
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Updater
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Updater
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\System\WSZXSGANXFJVAYSXYQGNXKQY
HKEY_LOCAL_MACHINE\Software\Adobe\Adobe ARM\1.0\ARM