File: 56383beaf49582b1e6de9a9c7ecd7860

Metadata
File name:bluewhale.vbs
File type:ASCII text, with very long lines, with CRLF line terminators
File size:87703 bytes
Analysis date:2017-05-31 14:34:12
MD5:56383beaf49582b1e6de9a9c7ecd7860
SHA1:f84808978788de1f50bd783a8fd2406a23214d1f
SHA256:1ada2ec41431e1fccbeddb9cfb9c1b191757805643bbad67895234d0df348525
SHA512:5e253e3375d9b7caf49359d6ef4a088f642a77f77aef759244302e699eb3fab6fc64b57e035ff9bbeec4b921135e8baf4096bf5471ee07da7633cc85a6c70b2f
SSDEEP:1536:LL9jyHUNxR78jlrq9/+pC2VpeDVMqGUWKOeeGzDm6l5sFJ6S:npd8Y9/oIe4aCk
IMPHASH:N/A
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 56383beaf49582b1e6de9a9c7ecd7860.
Loading...
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_CLASSES_ROOT\.vbs
HKEY_CLASSES_ROOT\VBSFile\ScriptEngine
HKEY_CLASSES_ROOT\VBScript
HKEY_CLASSES_ROOT\VBScript\CLSID
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
HKEY_CLASSES_ROOT\VBScript\CLSID\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}
HKEY_CLASSES_ROOT\VBScript\CLSID\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\TreatAs
HKEY_CLASSES_ROOT\VBScript\CLSID\
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServerX86
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\LocalServer32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocHandler32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocHandlerX86
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}
HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\TreatAs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\LevelObjects
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
{dda3f824-d8cb-441b-834d-be2efd2c1a33}
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{000C10F1-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{06C9E010-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{1A610570-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllIsMyFileType2
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllPutSignedDataMsg
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllGetSignedDataMsg
HKEY_CLASSES_ROOT\VBScript\CLSID\CLSID\{06290BD1-48AA-11D2-8432-006008C3FBFC}
HKEY_CLASSES_ROOT\VBScript\CLSID\CLSID\{06290BD1-48AA-11D2-8432-006008C3FBFC}\TreatAs
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{06290BD1-48AA-11D2-8432-006008C3FBFC}
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{06290BD1-48AA-11D2-8432-006008C3FBFC}\InprocServer32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{06290BD1-48AA-11D2-8432-006008C3FBFC}\InprocServerX86
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{06290BD1-48AA-11D2-8432-006008C3FBFC}\LocalServer32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{06290BD1-48AA-11D2-8432-006008C3FBFC}\InprocHandler32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{06290BD1-48AA-11D2-8432-006008C3FBFC}\InprocHandlerX86
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{06290BD1-48AA-11D2-8432-006008C3FBFC}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{06290BD1-48AA-11D2-8432-006008C3FBFC}
HKEY_CLASSES_ROOT\CLSID\{06290BD1-48AA-11D2-8432-006008C3FBFC}\TreatAs
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_CLASSES_ROOT\WSCRIPT.SHELL
HKEY_CLASSES_ROOT\WSCRIPT.SHELL\CLSID
HKEY_CLASSES_ROOT\VBScript\CLSID\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
HKEY_CLASSES_ROOT\VBScript\CLSID\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\TreatAs
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocServer32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocServerX86
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\LocalServer32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocHandler32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocHandlerX86
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
HKEY_CLASSES_ROOT\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\TreatAs
HKEY_CLASSES_ROOT\TypeLib
HKEY_CLASSES_ROOT\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
HKEY_CLASSES_ROOT\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
HKEY_CLASSES_ROOT\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\409
HKEY_CLASSES_ROOT\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\9
HKEY_CLASSES_ROOT\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win32
HKEY_CLASSES_ROOT\MICROSOFT.XMLDOM
HKEY_CLASSES_ROOT\MICROSOFT.XMLDOM\CLSID
HKEY_CLASSES_ROOT\VBScript\CLSID\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}
HKEY_CLASSES_ROOT\VBScript\CLSID\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\TreatAs
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\InprocServer32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\InprocServerX86
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\LocalServer32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\InprocHandler32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\InprocHandlerX86
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}
HKEY_CLASSES_ROOT\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\TreatAs
HKEY_CLASSES_ROOT\ADODB.STREAM
HKEY_CLASSES_ROOT\ADODB.STREAM\CLSID
HKEY_CLASSES_ROOT\VBScript\CLSID\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}
HKEY_CLASSES_ROOT\VBScript\CLSID\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\TreatAs
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServerX86
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\LocalServer32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocHandler32
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocHandlerX86
HKEY_CLASSES_ROOT\VBScript\CLSID\\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}
HKEY_CLASSES_ROOT\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\TreatAs
HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}
HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}\1.0
HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index59
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\319545b3\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\65\b2cf9c9
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e\2d
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\268e923b\24
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\3fcdfaca\10
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\7f729234\e
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\61a5c1bb\44
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\6abb48d8\39
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\643db07b\27
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\7949fb97\45
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\8
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\67e63d5c\6
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\291a02d0\7
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6e9ac653\8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748\11
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2995e574\9
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\3914f670\25
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4426ac2f\21
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\31de29a4\b
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\b1a55bd
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\b1a55bd\36
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb\18
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\19057a88\23
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CLASSES_ROOT\WScript.Shell
HKEY_CLASSES_ROOT\WScript.Shell\CLSID
CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\TreatAs
HKEY_CLASSES_ROOT\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocServer32
\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocServer32
\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocServerX86
\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\LocalServer32
\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocHandler32
\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocHandlerX86
\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\LocalServer
HKEY_CLASSES_ROOT\AppID\YEFDGYT.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
HKEY_CLASSES_ROOT\Interface\{B196B283-BAB4-101A-B69C-00AA00341D07}
HKEY_CLASSES_ROOT\Interface\{B196B283-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServerX86
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\LocalServer32
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandlerX86
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_CLASSES_ROOT\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
HKEY_CLASSES_ROOT\Interface\{00020401-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{00020401-0000-0000-C000-000000000046}\ProxyStubClsid32
CLSID\{00020422-0000-0000-C000-000000000046}
CLSID\{00020422-0000-0000-C000-000000000046}\TreatAs
\CLSID\{00020422-0000-0000-C000-000000000046}
\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32
\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServerX86
\CLSID\{00020422-0000-0000-C000-000000000046}\LocalServer32
\CLSID\{00020422-0000-0000-C000-000000000046}\InprocHandler32
\CLSID\{00020422-0000-0000-C000-000000000046}\InprocHandlerX86
\CLSID\{00020422-0000-0000-C000-000000000046}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00020422-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\CLSID\{00020422-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\PCHealth\ErrorReporting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\ExclusionList
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\ExclusionList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\PCHealth\ErrorReporting\ExclusionList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\ExclusionList
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\InclusionList
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\InclusionList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\PCHealth\ErrorReporting\InclusionList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\InclusionList
HKEY_LOCAL_MACHINE\Software\Microsoft\PCHealth\ErrorReporting\DW\Installed
HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh
\REGISTRY\MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServerX86
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandlerX86
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\FWCFG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing
HKEY_USERS\Napmontr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Gemplus GemSAFE Card CSP v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Infineon SICRYPT Base Smart Card CSP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft DH SChannel Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced Cryptographic Provider v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Exchange Cryptographic Provider v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft RSA SChannel Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Schlumberger Cryptographic Service Provider
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}
CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\TreatAs
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\InprocServer32
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\InprocServerX86
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\LocalServer32
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\InprocHandler32
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\InprocHandlerX86
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}
HKEY_CLASSES_ROOT\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\
CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}
CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\TreatAs
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\InprocServer32
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\InprocServerX86
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\LocalServer32
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\InprocHandler32
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\InprocHandlerX86
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}
HKEY_CLASSES_ROOT\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\TreatAs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Shas
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs\79617
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs\79618
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs\79619
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs\79620
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs\79621
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs\79623
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\Qecs\79617
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\Qecs\79618
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\Qecs\79619
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\Qecs\79620
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\Qecs\79621
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\Qecs\79623
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\UI
HKEY_CLASSES_ROOT\AppID\netsh.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\HCS
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServerX86
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandlerX86
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer
\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServerX86
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandlerX86
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServerX86
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandlerX86
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServerX86
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandlerX86
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}
CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\TreatAs
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServerX86
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\LocalServer32
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocHandler32
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocHandlerX86
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}
HKEY_CLASSES_ROOT\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
HKEY_CURRENT_USER\Software\Microsoft\PCHealth\ErrorReporting\DW\Debug
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Common\Security
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\11.0\Common\InstallRoot
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office
HKEY_CURRENT_USER\Software\Microsoft\Office\Common
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Common\ProductVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\PCHealth\ErrorReporting\DW
HKEY_LOCAL_MACHINE\Software\Microsoft\PCHealth\ErrorReporting\DW
HKEY_LOCAL_MACHINE\Software\Microsoft\PCHealth\ErrorReporting\DW\Debug
HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDlls
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092220140929
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092920140930
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AUTOPROXY_CACHE_ANAME_KB921400
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CHUNK_TIMEOUT_KB914453
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CERT_TRUST_VERIFIED_KB936882
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Environment
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Volatile Environment
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddIn\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\
HKEY_CLASSES_ROOT\.htm
Control Panel\International\Geo
Comments
User comments about 56383beaf49582b1e6de9a9c7ecd7860.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.