File: dbefd996730df2b4bc8a38b915cce758

Metadata
File name:06ea416889f419ae3d815ac96a9926fbfd8594070c2cfce3b3351da1f29104a1.bin
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:773146 bytes
Analysis date:2016-12-01 18:53:30
MD5:dbefd996730df2b4bc8a38b915cce758
SHA1:628f09567fa3d5ea26398e23f11d7941d304ad30
SHA256:06ea416889f419ae3d815ac96a9926fbfd8594070c2cfce3b3351da1f29104a1
SHA512:b67408564d7d30ba0923ffd4dd6080c05417e312024ef07e0d65f8ed690becd74fc001e66756b775591abcbc1843e9e770b521ff22f78c431bb13b04577b289c
SSDEEP:12288:nhxp3lZnT9bDuaI32G/UMDPs7f8v3jnP0/AWqfTXaYptPwOpXJlhsgf3:nJlh9bDuaIOf8/jP0/ITXaYpVzJlhsK
IMPHASH:027ea80e8125c6dda271246922d4c3b0
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with dbefd996730df2b4bc8a38b915cce758.
Loading...
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}
CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\TreatAs
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServer32
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServerX86
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\LocalServer32
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocHandler32
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocHandlerX86
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}
HKEY_CLASSES_ROOT\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\TreatAs
CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}
CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\TreatAs
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServerX86
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\LocalServer32
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocHandler32
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocHandlerX86
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}
HKEY_CLASSES_ROOT\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\TreatAs
CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}
CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\TreatAs
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServerX86
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\LocalServer32
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocHandler32
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocHandlerX86
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}
HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\TreatAs
HKEY_CLASSES_ROOT\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_CURRENT_USER\Software\WinRAR SFX
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat
HKEY_CLASSES_ROOT\.bat
HKEY_CLASSES_ROOT\batfile
HKEY_CLASSES_ROOT\batfile\CurVer
HKEY_CLASSES_ROOT\batfile\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CLASSES_ROOT\batfile\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.bat
HKEY_CLASSES_ROOT\SystemFileAssociations\application
HKEY_CLASSES_ROOT\batfile\\Clsid
HKEY_CLASSES_ROOT\*
HKEY_CLASSES_ROOT\*\Clsid
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CLASSES_ROOT\Directory
HKEY_CLASSES_ROOT\Directory\CurVer
HKEY_CLASSES_ROOT\Directory\
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Directory\\Clsid
HKEY_CLASSES_ROOT\Folder
HKEY_CLASSES_ROOT\Folder\Clsid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServerX86
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer32
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandler32
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandlerX86
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
HKEY_CLASSES_ROOT\batfile\\shell
HKEY_CLASSES_ROOT\batfile\\shell\open
HKEY_CLASSES_ROOT\batfile\\
HKEY_CLASSES_ROOT\batfile\\\shell
CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServer32
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServerX86
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer32
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandler32
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandlerX86
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\12.0\Groove
HKEY_CURRENT_USER\SOFTWARE\Groove Networks, Inc.\Groove
HKEY_LOCAL_MACHINE\SOFTWARE\Groove Networks, Inc.\Groove
HKEY_LOCAL_MACHINE\SOFTWARE\Groove.OldData
HKEY_CURRENT_USER\SOFTWARE\Groove.OldData
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Groove\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Groove
CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServer32
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServerX86
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer32
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandler32
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandlerX86
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandler32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandlerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CLASSES_ROOT\.ade
HKEY_CLASSES_ROOT\.adp
HKEY_CLASSES_ROOT\.app
HKEY_CLASSES_ROOT\.asp
HKEY_CLASSES_ROOT\.bas
CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServerX86
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer32
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandlerX86
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Ranges\
HKEY_LOCAL_MACHINE\System\Setup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\C\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\C
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\C
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_CLASSES_ROOT\batfile\\shell\open\command
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\fud2.bat
HKEY_CLASSES_ROOT\batfile\\shell\open\ddeexec
HKEY_CLASSES_ROOT\Applications\fud2.bat
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}
CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\TreatAs
\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}
\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\InprocServer32
\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\InprocServerX86
\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\LocalServer32
\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\InprocHandler32
\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\InprocHandlerX86
\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}
HKEY_CLASSES_ROOT\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\TreatAs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\\\UserAssist
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\\\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\\\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\\\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\\\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\\UserAssist\Settings
HKEY_CLASSES_ROOT\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\CDF
HKEY_CLASSES_ROOT\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{67ea19a0-ccef-11d0-8024-00c04fd75d13}\InProcServer32
CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}
CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\TreatAs
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InprocServer32
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InprocServerX86
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\LocalServer32
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InprocHandler32
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InprocHandlerX86
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}
HKEY_CLASSES_ROOT\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
HKEY_CLASSES_ROOT\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\MyDocuments
HKEY_CLASSES_ROOT\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ecf03a33-103d-11d2-854d-006008059367}\InProcServer32
CLSID\{ECF03A33-103D-11D2-854D-006008059367}
CLSID\{ECF03A33-103D-11D2-854D-006008059367}\TreatAs
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InprocServer32
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InprocServerX86
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\LocalServer32
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InprocHandler32
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InprocHandlerX86
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{ECF03A33-103D-11D2-854D-006008059367}
HKEY_CLASSES_ROOT\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{ECF03A33-103D-11D2-854D-006008059367}
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
HKEY_CLASSES_ROOT\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32
CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}
CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\TreatAs
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocServer32
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocServerX86
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\LocalServer32
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocHandler32
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocHandlerX86
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}
HKEY_CLASSES_ROOT\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\TreatAs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\server2.sfx.exe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\LevelObjects
{dda3f824-d8cb-441b-834d-be2efd2c1a33}
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddIn\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\fud.bat
HKEY_CLASSES_ROOT\Applications\fud.bat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\server.sfx.exe
{dda3f824-d8cb-441b-834d-be2efd2c1a33}\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
HKEY_CLASSES_ROOT\.exe
HKEY_CLASSES_ROOT\exefile
HKEY_CLASSES_ROOT\exefile\CurVer
HKEY_CLASSES_ROOT\exefile\
HKEY_CLASSES_ROOT\exefile\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
HKEY_CLASSES_ROOT\exefile\\Clsid
HKEY_CLASSES_ROOT\exefile\\shell
HKEY_CLASSES_ROOT\exefile\\shell\open
HKEY_CLASSES_ROOT\exefile\\
HKEY_CLASSES_ROOT\exefile\\\shell
HKEY_CLASSES_ROOT\.cer
HKEY_CLASSES_ROOT\.chm
HKEY_CLASSES_ROOT\.cmd
HKEY_CLASSES_ROOT\.com
HKEY_CLASSES_ROOT\.cpl
HKEY_CLASSES_ROOT\.crt
HKEY_CLASSES_ROOT\.csh
HKEY_CLASSES_ROOT\exefile\\shell\open\command
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\server.exe
HKEY_CLASSES_ROOT\exefile\\shell\open\ddeexec
HKEY_CLASSES_ROOT\Applications\server.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\UserAssist
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
HKEY_CURRENT_USER\Software\Borland\Locales
HKEY_LOCAL_MACHINE\Software\Borland\Locales
HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\IDConfigDB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\IDConfigDB\Hardware Profiles\0001
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\IDConfigDB\CurrentDockInfo
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software\DC3_FEXEC
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\server.exe
ActiveComputerName\Hardware Profiles\0001
ActiveComputerName\CurrentDockInfo
HKEY_CURRENT_USER\Software\DC2_USERS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\svchost.exe
Comments
User comments about dbefd996730df2b4bc8a38b915cce758.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.