File: 67d4f754de73c384c6d97563a61dbb0b

Metadata
File name:Server.exe
File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size:29696 bytes
Analysis date:2017-03-23 05:47:01
MD5:67d4f754de73c384c6d97563a61dbb0b
SHA1:68d68f5d5968649590008b1eb9a44debd147cc75
SHA256:fc1fb0b07743e7252fbf604d6d82b1d3b1b8babe942b237dc87524cd25b3cdf8
SHA512:b7807bed84b531b289dfeeca847a2ad7331f4c1595694d80e76ccefbc956daf0a5ca5d6441e228f78300103d3311bc4e790b69bd8d34858dfe8748f8678fc674
SSDEEP:768:JY7bXEI+Ge1gFaYqwzLeiBKh0p29SgRbN:+7bXh7RznKhG29jbN
IMPHASH:f34d5f2d4577ed6d9ceec516c1f5a744
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 67d4f754de73c384c6d97563a61dbb0b.
Loading...
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index42
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\319545b3\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\37b8106e\7738c853
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\8
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\67e63d5c\6
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\291a02d0\7
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6e9ac653\8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e\2d
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\268e923b\24
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\3fcdfaca\10
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\7f729234\e
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\61a5c1bb\44
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\6abb48d8\39
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\643db07b\27
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\7949fb97\45
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748\11
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2995e574\9
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\3914f670\25
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4426ac2f\21
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\31de29a4\b
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Server.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
HKEY_CLASSES_ROOT\.exe
HKEY_CLASSES_ROOT\exefile
HKEY_CLASSES_ROOT\exefile\CurVer
HKEY_CLASSES_ROOT\exefile\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CLASSES_ROOT\exefile\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
HKEY_CLASSES_ROOT\SystemFileAssociations\application
HKEY_CLASSES_ROOT\exefile\\Clsid
HKEY_CLASSES_ROOT\*
HKEY_CLASSES_ROOT\*\Clsid
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CLASSES_ROOT\Directory
HKEY_CLASSES_ROOT\Directory\CurVer
HKEY_CLASSES_ROOT\Directory\
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Directory\\Clsid
HKEY_CLASSES_ROOT\Folder
HKEY_CLASSES_ROOT\Folder\Clsid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServerX86
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer32
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandler32
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandlerX86
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
HKEY_CLASSES_ROOT\exefile\\shell
HKEY_CLASSES_ROOT\exefile\\shell\open
HKEY_CLASSES_ROOT\exefile\\
HKEY_CLASSES_ROOT\exefile\\\shell
CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServer32
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServerX86
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer32
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandler32
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandlerX86
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\12.0\Groove
HKEY_CURRENT_USER\SOFTWARE\Groove Networks, Inc.\Groove
HKEY_LOCAL_MACHINE\SOFTWARE\Groove Networks, Inc.\Groove
HKEY_LOCAL_MACHINE\SOFTWARE\Groove.OldData
HKEY_CURRENT_USER\SOFTWARE\Groove.OldData
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Groove\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Groove
CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServer32
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServerX86
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer32
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandler32
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandlerX86
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandler32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandlerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CLASSES_ROOT\.ade
HKEY_CLASSES_ROOT\.adp
HKEY_CLASSES_ROOT\.app
HKEY_CLASSES_ROOT\.asp
HKEY_CLASSES_ROOT\.bas
HKEY_CLASSES_ROOT\.bat
HKEY_CLASSES_ROOT\.cer
HKEY_CLASSES_ROOT\.chm
HKEY_CLASSES_ROOT\.cmd
HKEY_CLASSES_ROOT\.com
HKEY_CLASSES_ROOT\.cpl
HKEY_CLASSES_ROOT\.crt
HKEY_CLASSES_ROOT\.csh
CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServerX86
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer32
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandlerX86
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Ranges\
HKEY_LOCAL_MACHINE\System\Setup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\C\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\C
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\C
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_CLASSES_ROOT\exefile\\shell\open\command
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\Trojan.exe
HKEY_CLASSES_ROOT\exefile\\shell\open\ddeexec
HKEY_CLASSES_ROOT\Applications\Trojan.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_CLASSES_ROOT\AppID\Server.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\b1a55bd\36
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb\18
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\19057a88\23
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
HKEY_CURRENT_USER\Software\5cd8f17f4086744065eb0992a09e05a2
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\ebc8f48
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\ebc8f48\3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\30041bb6\4c
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\43970528\4b
CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}
CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\TreatAs
\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}
\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocServer32
\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocServerX86
\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\LocalServer32
\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocHandler32
\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocHandlerX86
\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}
HKEY_CLASSES_ROOT\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\TreatAs
HKEY_CLASSES_ROOT\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\Server
HKEY_CLASSES_ROOT\AppID\Trojan.exe
CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}
CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\TreatAs
\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}
\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServerX86
\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\LocalServer32
\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocHandler32
\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocHandlerX86
\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}
HKEY_CLASSES_ROOT\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\TreatAs
CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServerX86
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandlerX86
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServerX86
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandlerX86
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer
\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServerX86
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandlerX86
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServerX86
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandlerX86
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServerX86
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandlerX86
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh
\REGISTRY\MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\FWCFG
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\Microsoft\NAP\Netsh
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\Microsoft\NAP\Netsh\Napmontr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Gemplus GemSAFE Card CSP v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Infineon SICRYPT Base Smart Card CSP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft DH SChannel Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced Cryptographic Provider v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Exchange Cryptographic Provider v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft RSA SChannel Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Schlumberger Cryptographic Service Provider
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}
CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\TreatAs
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\InprocServer32
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\InprocServerX86
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\LocalServer32
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\InprocHandler32
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\InprocHandlerX86
\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}
HKEY_CLASSES_ROOT\CLSID\{EA4A0A43-1C8F-4C7B-A4B1-28ECBD96BA8C}\TreatAs
CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}
CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\TreatAs
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\InprocServer32
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\InprocServerX86
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\LocalServer32
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\InprocHandler32
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\InprocHandlerX86
\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}
HKEY_CLASSES_ROOT\CLSID\{EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F}\TreatAs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Shas
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\79617
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\79618
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\79619
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\79620
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\79621
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\79623
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Qecs\79617
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Qecs\79618
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Qecs\79619
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Qecs\79620
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Qecs\79621
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Qecs\79623
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\UI
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\Qecs
HKEY_CLASSES_ROOT\AppID\netsh.exe
HKEY_USERS\Gemplus GemSAFE Card CSP v1.0
HKEY_LOCAL_MACHINE\Software\Microsoft\HCS
\ProxyStubClsid32
CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}
CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\TreatAs
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServerX86
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\LocalServer32
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocHandler32
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocHandlerX86
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}
HKEY_CLASSES_ROOT\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}
CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\TreatAs
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocServer32
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocServerX86
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\LocalServer32
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocHandler32
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocHandlerX86
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}
HKEY_CLASSES_ROOT\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\TreatAs
Comments
User comments about 67d4f754de73c384c6d97563a61dbb0b.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.