Tags:
None
Analysis
| Category | Started | Completed | Duration |
|---|---|---|---|
| FILE | 2015-08-18 01:33:58 | 2015-08-18 01:36:16 | 138 seconds |
File Details
| File Name | malware.exe |
|---|---|
| File Size | 6293 bytes |
| File Type | MS-DOS executable, MZ for MS-DOS |
| MD5 | 448d7119e969648462ab4489238ad06b |
| SHA1 | 631b0bb27ce59f87c1ff4b7ad35ff279f28c8d4a |
| SHA256 | b29ae3ef25ffdf74ddfc679f024a9cb5ff7a27989da6f82d71823ddd19100496 |
| SHA512 | d2d52520b6f247b4fd8bbe51f7c495e14922c5e53680cbb2f785c09d7214867650206f7fa75900f4deb44cdafadb951aaf31bf0636b792e090ed3f5ad11a6394 |
| CRC32 | 41E02CF9 |
| Ssdeep | 192:ZbD+xDTcLKWgHK0BUUrUSpZ3JDMj0RALHt:ZbD+Gg9BrrUOZ3JDk0Kzt |
| Yara | None matched |
| You need to login |
Signatures
A process attempted to delay the analysis task.
Process: svchost.exe tried to sleep 232 seconds, actually delayed analysis time by 0 seconds
File has been identified by at least one AntiVirus on VirusTotal as malicious
Performs some HTTP requests
process: None
signs: [{u'type': u'http', u'value': {u'count': 1, u'body': u'', u'uri': u'http://prevedtraf.biz/adv/052/win32.exe', u'user-agent': u'Mozilla/5.0', u'port': 80, u'host': u'prevedtraf.biz', u'version': u'1.1', u'path': u'/adv/052/win32.exe', u'data': u'GET /adv/052/win32.exe HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\nHost: prevedtraf.biz\r\n\r\n', u'method': u'GET'}}, {u'type': u'http', u'value': {u'count': 1, u'body': u'', u'uri': u'http://prevedtraf.biz/adv/071/win32.exe', u'user-agent': u'Mozilla/5.0', u'port': 80, u'host': u'prevedtraf.biz', u'version': u'1.1', u'path': u'/adv/071/win32.exe', u'data': u'GET /adv/071/win32.exe HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\nHost: prevedtraf.biz\r\n\r\n', u'method': u'GET'}}, {u'type': u'http', u'value': {u'count': 1, u'body': u'', u'uri': u'http://xfvqogonsk.biz/dl/loadadv655.exe', u'user-agent': u'Mozilla/5.0', u'port': 80, u'host': u'xfvqogonsk.biz', u'version': u'1.1', u'path': u'/dl/loadadv655.exe', u'data': u'GET /dl/loadadv655.exe HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\nHost: xfvqogonsk.biz\r\n\r\n', u'method': u'GET'}}, {u'type': u'http', u'value': {u'count': 1, u'body': u'', u'uri': u'http://www.realfreevideos.com/mt/mwwyg/s4g3/gallery5.php?id=777', u'user-agent': u'Microsoft Internet Explorer', u'port': 80, u'host': u'www.realfreevideos.com', u'version': u'1.1', u'path': u'/mt/mwwyg/s4g3/gallery5.php?id=777', u'data': u'GET /mt/mwwyg/s4g3/gallery5.php?id=777 HTTP/1.1\r\nUser-Agent: Microsoft Internet Explorer\r\nHost: www.realfreevideos.com\r\n\r\n', u'method': u'GET'}}]
Steals private information from local Internet browsers
process: {u'process_name': u'svchost.exe', u'process_id': 264}
signs: [{u'type': u'api', u'value': {u'category': u'filesystem', u'status': True, u'return': u'0x00000000', u'timestamp': u'2015-08-17 16:34:01,265', u'thread_id': u'1996', u'repeated': 0, u'api': u'NtCreateFile', u'arguments': [{u'name': u'ShareAccess', u'value': u'3'}, {u'name': u'FileName', u'value': u'C:\\Documents and Settings\\User\\Local Settings\\History\\History.IE5\\index.dat'}, {u'name': u'DesiredAccess', u'value': u'0xc0100080'}, {u'name': u'CreateDisposition', u'value': u'3'}, {u'name': u'FileHandle', u'value': u'0x000000ec'}], u'id': 704}}]
process: {u'process_name': u'svchost.exe', u'process_id': 264}
signs: [{u'type': u'api', u'value': {u'category': u'filesystem', u'status': True, u'return': u'0x00000000', u'timestamp': u'2015-08-17 16:34:01,265', u'thread_id': u'1996', u'repeated': 0, u'api': u'NtCreateFile', u'arguments': [{u'name': u'ShareAccess', u'value': u'3'}, {u'name': u'FileName', u'value': u'C:\\Documents and Settings\\User\\Local Settings\\History\\History.IE5\\index.dat'}, {u'name': u'DesiredAccess', u'value': u'0xc0100080'}, {u'name': u'CreateDisposition', u'value': u'3'}, {u'name': u'FileHandle', u'value': u'0x000000ec'}], u'id': 707}}]
Screenshots
Hosts
| IP |
|---|
| 193.166.255.171 |
| 209.123.8.61 |
| 72.52.4.119 |
| 208.91.197.46 |
Domains
| Domain | IP |
|---|---|
| prevedtraf.biz | 193.166.255.171 |
| www.realfreevideos.com | 72.52.4.119 |
| www.videoobjectmedia.com | |
| xfvqogonsk.biz | 208.91.197.46 |
| 09.justcountrr.org |
Summary
PIPE\wkssvc
IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3231303037333036372020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
MountPointManager
STORAGE#Volume#1&30a96598&0&Signature32B832B7Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
C:\Documents and Settings
C:\Documents and Settings\User
C:\Documents and Settings\User\My Documents
C:\Documents and Settings\User\My Documents\desktop.ini
C:\Documents and Settings\All Users
C:\Documents and Settings\All Users\Documents
C:\Documents and Settings\All Users\Documents\desktop.ini
C:\Documents and Settings\User\Desktop
C:\Documents and Settings\All Users\Desktop
C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
C:\WINDOWS\Registration\R000000000007.clb
C:\DOCUME~1\User\LOCALS~1\Temp\svchost.exe
c:\docume~1\user\locals~1\temp\svchost.exe
C:\DOCUME~1
C:\DOCUME~1\User
C:\DOCUME~1\User\LOCALS~1
C:\DOCUME~1\User\LOCALS~1\Temp
C:\DOCUME~1\User\LOCALS~1\Temp\malware.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files
C:\Documents and Settings\User\Local Settings\History
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\
C:\
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\User\Cookies\
C:\Documents and Settings\User\Cookies\index.dat
C:\Documents and Settings\User\Local Settings\History\History.IE5\
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat
PIPE\lsarpc
C:\Documents and Settings\User\Cookies\user@realfreevideos[1].txt
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4XEJWTA3\gallery5[1].htm
C:\Documents and Settings\User\Cookies\user@xfvqogonsk[1].txt
C:\DOCUME~1\User\LOCALS~1\Temp\cmllpici.exe
IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3231303037333036372020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
MountPointManager
STORAGE#Volume#1&30a96598&0&Signature32B832B7Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
C:\Documents and Settings
C:\Documents and Settings\User
C:\Documents and Settings\User\My Documents
C:\Documents and Settings\User\My Documents\desktop.ini
C:\Documents and Settings\All Users
C:\Documents and Settings\All Users\Documents
C:\Documents and Settings\All Users\Documents\desktop.ini
C:\Documents and Settings\User\Desktop
C:\Documents and Settings\All Users\Desktop
C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
C:\WINDOWS\Registration\R000000000007.clb
C:\DOCUME~1\User\LOCALS~1\Temp\svchost.exe
c:\docume~1\user\locals~1\temp\svchost.exe
C:\DOCUME~1
C:\DOCUME~1\User
C:\DOCUME~1\User\LOCALS~1
C:\DOCUME~1\User\LOCALS~1\Temp
C:\DOCUME~1\User\LOCALS~1\Temp\malware.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files
C:\Documents and Settings\User\Local Settings\History
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\
C:\
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\User\Cookies\
C:\Documents and Settings\User\Cookies\index.dat
C:\Documents and Settings\User\Local Settings\History\History.IE5\
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat
PIPE\lsarpc
C:\Documents and Settings\User\Cookies\user@realfreevideos[1].txt
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4XEJWTA3\gallery5[1].htm
C:\Documents and Settings\User\Cookies\user@xfvqogonsk[1].txt
C:\DOCUME~1\User\LOCALS~1\Temp\cmllpici.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\malware.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
HKEY_CLASSES_ROOT\.exe
HKEY_CLASSES_ROOT\exefile
HKEY_CLASSES_ROOT\exefile\CurVer
HKEY_CLASSES_ROOT\exefile\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CLASSES_ROOT\exefile\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
HKEY_CLASSES_ROOT\SystemFileAssociations\application
HKEY_CLASSES_ROOT\exefile\\Clsid
HKEY_CLASSES_ROOT\*
HKEY_CLASSES_ROOT\*\Clsid
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CLASSES_ROOT\Directory
HKEY_CLASSES_ROOT\Directory\CurVer
HKEY_CLASSES_ROOT\Directory\
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Directory\\Clsid
HKEY_CLASSES_ROOT\Folder
HKEY_CLASSES_ROOT\Folder\Clsid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServerX86
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer32
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandler32
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandlerX86
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServer32
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServerX86
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer32
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandler32
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandlerX86
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\12.0\Groove
HKEY_CURRENT_USER\SOFTWARE\Groove Networks, Inc.\Groove
HKEY_LOCAL_MACHINE\SOFTWARE\Groove Networks, Inc.\Groove
HKEY_LOCAL_MACHINE\SOFTWARE\Groove.OldData
HKEY_CURRENT_USER\SOFTWARE\Groove.OldData
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Groove\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Groove
CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServer32
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServerX86
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer32
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandler32
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandlerX86
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandler32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandlerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CLASSES_ROOT\.ade
HKEY_CLASSES_ROOT\.adp
HKEY_CLASSES_ROOT\.app
HKEY_CLASSES_ROOT\.asp
HKEY_CLASSES_ROOT\.bas
HKEY_CLASSES_ROOT\.bat
HKEY_CLASSES_ROOT\.cer
HKEY_CLASSES_ROOT\.chm
HKEY_CLASSES_ROOT\.cmd
HKEY_CLASSES_ROOT\.com
HKEY_CLASSES_ROOT\.cpl
HKEY_CLASSES_ROOT\.crt
HKEY_CLASSES_ROOT\.csh
CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServerX86
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer32
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandlerX86
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Ranges\
HKEY_LOCAL_MACHINE\System\Setup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\C\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\C
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\C
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_CLASSES_ROOT\exefile\\shell\open
HKEY_CLASSES_ROOT\exefile\\shell\open\command
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\svchost.exe
HKEY_CLASSES_ROOT\exefile\\shell\open\ddeexec
HKEY_CLASSES_ROOT\Applications\svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Content
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Cookies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\History
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092220140929
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092920140930
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AUTOPROXY_CACHE_ANAME_KB921400
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CHUNK_TIMEOUT_KB914453
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CERT_TRUST_VERIFIED_KB936882
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_URLHOSTNAME
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\prevedtraf.biz
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\prevedtraf.biz
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\209.123.8.61
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\209.123.8.61
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\realfreevideos.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\realfreevideos.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\realfreevideos.com
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html; charset=UTF-8
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\videoobjectmedia.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\videoobjectmedia.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\xfvqogonsk.biz
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xfvqogonsk.biz
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\xfvqogonsk.biz
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\justcountrr.org
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\justcountrr.org
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
HKEY_CLASSES_ROOT\.exe
HKEY_CLASSES_ROOT\exefile
HKEY_CLASSES_ROOT\exefile\CurVer
HKEY_CLASSES_ROOT\exefile\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CLASSES_ROOT\exefile\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
HKEY_CLASSES_ROOT\SystemFileAssociations\application
HKEY_CLASSES_ROOT\exefile\\Clsid
HKEY_CLASSES_ROOT\*
HKEY_CLASSES_ROOT\*\Clsid
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CLASSES_ROOT\Directory
HKEY_CLASSES_ROOT\Directory\CurVer
HKEY_CLASSES_ROOT\Directory\
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Directory\\Clsid
HKEY_CLASSES_ROOT\Folder
HKEY_CLASSES_ROOT\Folder\Clsid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServerX86
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer32
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandler32
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandlerX86
\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServer32
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServerX86
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer32
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandler32
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandlerX86
\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\12.0\Groove
HKEY_CURRENT_USER\SOFTWARE\Groove Networks, Inc.\Groove
HKEY_LOCAL_MACHINE\SOFTWARE\Groove Networks, Inc.\Groove
HKEY_LOCAL_MACHINE\SOFTWARE\Groove.OldData
HKEY_CURRENT_USER\SOFTWARE\Groove.OldData
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Groove\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Groove
CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServer32
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServerX86
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer32
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandler32
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandlerX86
\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandler32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandlerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CLASSES_ROOT\.ade
HKEY_CLASSES_ROOT\.adp
HKEY_CLASSES_ROOT\.app
HKEY_CLASSES_ROOT\.asp
HKEY_CLASSES_ROOT\.bas
HKEY_CLASSES_ROOT\.bat
HKEY_CLASSES_ROOT\.cer
HKEY_CLASSES_ROOT\.chm
HKEY_CLASSES_ROOT\.cmd
HKEY_CLASSES_ROOT\.com
HKEY_CLASSES_ROOT\.cpl
HKEY_CLASSES_ROOT\.crt
HKEY_CLASSES_ROOT\.csh
CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServerX86
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer32
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandlerX86
\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Ranges\
HKEY_LOCAL_MACHINE\System\Setup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\C\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\C
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\C
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_CLASSES_ROOT\exefile\\shell\open
HKEY_CLASSES_ROOT\exefile\\shell\open\command
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\svchost.exe
HKEY_CLASSES_ROOT\exefile\\shell\open\ddeexec
HKEY_CLASSES_ROOT\Applications\svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Content
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Cookies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\History
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092220140929
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092920140930
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AUTOPROXY_CACHE_ANAME_KB921400
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CHUNK_TIMEOUT_KB914453
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CERT_TRUST_VERIFIED_KB936882
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_URLHOSTNAME
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\prevedtraf.biz
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\prevedtraf.biz
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\209.123.8.61
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\209.123.8.61
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\realfreevideos.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\realfreevideos.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\realfreevideos.com
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html; charset=UTF-8
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\videoobjectmedia.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\videoobjectmedia.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\xfvqogonsk.biz
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xfvqogonsk.biz
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\xfvqogonsk.biz
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\justcountrr.org
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\justcountrr.org
CTF.TimListCache.FMPDefaultS-1-5-21-1547161642-507921405-839522115-1004MUTEX.DefaultS-1-5-21-1547161642-507921405-839522115-1004
ShimCacheMutex
Groove:PathMutex:[LUt+jL/YbxUWwjk7hRky++rqRco=]
_!MSFTHISTORY!_
c:!documents and settings!user!local settings!temporary internet files!content.ie5!
c:!documents and settings!user!cookies!
c:!documents and settings!user!local settings!history!history.ie5!
WininetStartupMutex
WininetProxyRegistryMutex
ShimCacheMutex
Groove:PathMutex:[LUt+jL/YbxUWwjk7hRky++rqRco=]
_!MSFTHISTORY!_
c:!documents and settings!user!local settings!temporary internet files!content.ie5!
c:!documents and settings!user!cookies!
c:!documents and settings!user!local settings!history!history.ie5!
WininetStartupMutex
WininetProxyRegistryMutex
OOPS! No static analysis available, probably it's not a supported file format.
MZPHP_ZEND2ePE
KERNEL32.dll
\td1P
8^|Cr"S
D`cIP-
_8d9QUq
J7>U!Rb
rn@GdO
htGp:/
`af.b?iz
209.u1t3v8`6
prh;?u
ame='jEyj
.video
setup.7
xfvqorg
Micr9os
p0c%:mp
%cs(WaH
g:MCoh
Y58S0Bu|r6ty:
0An(Vi
$uD$lg
.p?Yen
Psv,ch
xLCyi0
qPT)Tr
9=PB7v
"pxC=os
virxocm
fsAq6Th
^Co+pyD
ag#<FB5
Q?>rR&
ETZ`_chk
,achmR=={
LoadLibraryA
GetProcAddress
| Antivirus | Signature |
|---|---|
| Bkav | HW32.Packed.3115 |
| MicroWorld-eScan | Trojan.Generic.1956151 |
| nProtect | Trojan-Downloader/W32.Tibs.6293 |
| CAT-QuickHeal | Trojan.ZAgent.r2 |
| McAfee | Artemis!448D7119E969 |
| Malwarebytes | Clean |
| Zillya | Downloader.Tibs.Win32.6179 |
| AegisLab | Clean |
| TheHacker | Trojan/Downloader.Tibs.fx |
| Alibaba | Clean |
| K7GW | Trojan ( 0036e6f71 ) |
| K7AntiVirus | Trojan ( 0036e6f71 ) |
| NANO-Antivirus | Trojan.Win32.Tibs.gkrnu |
| Cyren | W32/SuspPack.DH.gen!Eldorado |
| Symantec | Trojan.Zlob |
| ESET-NOD32 | Win32/TrojanDownloader.Agent.AIB |
| TrendMicro-HouseCall | TROJ_DLOADER.IEP |
| Avast | Win32:Trojan-gen |
| ClamAV | Clean |
| GData | Trojan.Generic.1956151 |
| Kaspersky | Trojan-Downloader.Win32.Tibs.fx |
| BitDefender | Trojan.Generic.1956151 |
| Agnitum | Packed/FSG |
| ViRobot | Trojan.Win32.Tibs.6293[h] |
| ByteHero | Clean |
| Tencent | Win32.Trojan-downloader.Tibs.Pcjd |
| Ad-Aware | Trojan.Generic.1956151 |
| Emsisoft | Trojan.Generic.1956151 (B) |
| Comodo | TrojWare.Win32.TrojanDownloader.Agent.AIB |
| F-Secure | Trojan.Generic.1956151 |
| DrWeb | Trojan.DownLoader.19107 |
| VIPRE | Clean |
| TrendMicro | TROJ_DLOADER.IEP |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.xc |
| Sophos | Mal/Packer |
| F-Prot | W32/SuspPack.DH.gen!Eldorado |
| Jiangmin | TrojanDownloader.Agent.hvk |
| Avira | TR/Downloader.Gen |
| Antiy-AVL | Clean |
| Kingsoft | Win32.TrojDownloader.Tibs.fx.(kcloud) |
| Arcabit | Trojan.Generic.D1DD937 |
| SUPERAntiSpyware | Trojan.Unknown Origin |
| Microsoft | TrojanDownloader:Win32/Tiny.GU |
| AhnLab-V3 | Win-Trojan/Tibs.6293.C |
| ALYac | Trojan.Generic.1956151 |
| AVware | Clean |
| VBA32 | Clean |
| Panda | Adware/VideoActiveXObject |
| Zoner | Clean |
| Rising | PE:Trojan.Win32.Generic.122B3CCF!304823503 |
| Ikarus | Trojan-Dropper.Agent |
| Fortinet | W32/AVF!tr.dldr |
| AVG | Downloader.Generic3.QJQ |
| Baidu-International | Trojan.Win32.Tibs.fx |
| Qihoo-360 | Malware.Radar01.Gen |
-
malware.exe 788
- svchost.exe 264
malware.exe, PID: 788, Parent PID: 2016
network filesystem registry process services synchronization
svchost.exe, PID: 264, Parent PID: 788
network filesystem registry process services synchronization
Domains
| Domain | IP |
|---|---|
| prevedtraf.biz | 193.166.255.171 |
| www.realfreevideos.com | 72.52.4.119 |
| www.videoobjectmedia.com | |
| xfvqogonsk.biz | 208.91.197.46 |
| 09.justcountrr.org |
Hosts
| IP |
|---|
| 193.166.255.171 |
| 209.123.8.61 |
| 72.52.4.119 |
| 208.91.197.46 |
HTTP Requests
| URI | Data |
|---|---|
| http://prevedtraf.biz/adv/052/win32.exe | GET /adv/052/win32.exe HTTP/1.1 User-Agent: Mozilla/5.0 Host: prevedtraf.biz |
| http://prevedtraf.biz/adv/071/win32.exe | GET /adv/071/win32.exe HTTP/1.1 User-Agent: Mozilla/5.0 Host: prevedtraf.biz |
| http://xfvqogonsk.biz/dl/loadadv655.exe | GET /dl/loadadv655.exe HTTP/1.1 User-Agent: Mozilla/5.0 Host: xfvqogonsk.biz |
| http://www.realfreevideos.com/mt/mwwyg/s4g3/gallery5.php?id=777 | GET /mt/mwwyg/s4g3/gallery5.php?id=777 HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: www.realfreevideos.com |
IRC Traffic
No IRC traffic.SMTP Requests
No SMTP requests performed.
| File name | gallery5[1].htm |
|---|---|
| File Size | 0 bytes |
| File Type | empty |
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| CRC32 | 00000000 |
| Ssdeep | 3:: |
| Yara | None matched |
| File name | cmllpici.exe |
|---|---|
| File Size | 272 bytes |
| File Type | HTML document, ASCII text, with CRLF line terminators |
| MD5 | 6c5b935b6862eb802eac6b9e613e20e7 |
| SHA1 | 3ba5b03671797ee34f9d4ef881b9c77702d821e4 |
| SHA256 | adf094cf2ae80f541b386480aff70c9dadbdbbfd718ee5c8829d1e2710744527 |
| CRC32 | F9BF6900 |
| Ssdeep | 6:q43t0t1Ah/QRmApC0M8SIXqlhphGIdPmHQhXlJEaEbnAXfGb:T81Y/QDCL8ElgMRlyLAPGb |
| Yara | None matched |
| File name | malware.exe |
|---|---|
| File Size | 6293 bytes |
| File Type | MS-DOS executable, MZ for MS-DOS |
| MD5 | 448d7119e969648462ab4489238ad06b |
| SHA1 | 631b0bb27ce59f87c1ff4b7ad35ff279f28c8d4a |
| SHA256 | b29ae3ef25ffdf74ddfc679f024a9cb5ff7a27989da6f82d71823ddd19100496 |
| CRC32 | 41E02CF9 |
| Ssdeep | 192:ZbD+xDTcLKWgHK0BUUrUSpZ3JDMj0RALHt:ZbD+Gg9BrrUOZ3JDk0Kzt |
| Yara | None matched |
| File name | user@xfvqogonsk[1].txt |
|---|---|
| File Size | 90 bytes |
| File Type | ASCII text |
| MD5 | 520c82b45c99a4a30c2d0d70a6112fb8 |
| SHA1 | 06351acb917db42f97adef74c8f446e1e6353032 |
| SHA256 | 6ddbe21aa3460b0d4c8b56aa86933ccdbcff311ea9c4cc3a1efde0f69d8ec2dd |
| CRC32 | 64341AB6 |
| Ssdeep | 3:hEIX7RAXU7BYFk+q2IOOsXdMiQuM:hVX7VYF+2IzsN8uM |
| Yara | None matched |
| File name | user@realfreevideos[1].txt |
|---|---|
| File Size | 102 bytes |
| File Type | ASCII text |
| MD5 | 9f31a646f619c3a392446d46e182225f |
| SHA1 | ace6806dbb6e46b7eb33d6a24f443f2009c36893 |
| SHA256 | 3bd320ccb4ba88bd4b4f5c36f1b05d32f290599505c8862491c08e09583ddafe |
| CRC32 | 9C407468 |
| Ssdeep | 3:IWAIyRHSBAabKXhskZI0cSNTJU6QP46M:IWAICHyAaplQq7PfM |
| Yara | None matched |
Bummer! No comments yet.
You have to login to comment.