File: e195d9547868621b66275aa803420668e84fa213412558848113142df69cb5fc
Metadata
| word.exe | |
| PE32 executable (GUI) Intel 80386, for MS Windows | 770048 bytes |
| 2016-04-19 00:26:12 | |
| b6ae19f313768a9cdda8ea930cad4c6e | |
| cd3591003527b8d3e4a2ebed472cd205702b802e | |
| e195d9547868621b66275aa803420668e84fa213412558848113142df69cb5fc | |
| a194c07d04b307d6b94845c5fb9613526f0cc5d1a82ccbcd2edc26d4bcaf1ff94fb07bbb8b6ca0d965770cbaf7e0f9df7432603d0ef74434c3fdf8672d047e04 | |
| 12288:f89km5mVz6Sq+oKrNL6x9lMzF6FYKLNAGCCVhgfXFBs0MibGQY8muN:bDEKrElMzFoYKLNASVms0MiIB | |
| 4661bd51a4e1c9f9d62971d03efa7e94 | |
| N/A | |
APTNotes
Cyber threat intelligence reports associated with e195d9547868621b66275aa803420668e84fa213412558848113142df69cb5fc.
Cyber threat intelligence reports associated with e195d9547868621b66275aa803420668e84fa213412558848113142df69cb5fc.
Domains
Domains the malware sample communicates with.
Domains the malware sample communicates with.
| Domain | IP |
|---|---|
| fioartd.com | N/A |
Hosts
Hosts the malware sample communicates with.
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
Registry keys created by the malware sample.
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
| HKEY_USERS\ |
| HKEY_USERS\\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_USERS\\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run |
| HKEY_USERS\\S-1-5-21-1547161642-507921405-839522115-1004\Software\AppDataLow\Software\Microsoft\FD95D1E9-385F-3719-2A81-EC5BFE45E0BF |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D} |
| HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
| HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions |
| HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat |
| HKEY_CLASSES_ROOT\.bat |
| HKEY_CLASSES_ROOT\batfile |
| HKEY_CLASSES_ROOT\batfile\CurVer |
| HKEY_CLASSES_ROOT\batfile\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
| HKEY_CLASSES_ROOT\batfile\\ShellEx\IconHandler |
| HKEY_CLASSES_ROOT\SystemFileAssociations\.bat |
| HKEY_CLASSES_ROOT\SystemFileAssociations\application |
| HKEY_CLASSES_ROOT\batfile\\Clsid |
| HKEY_CLASSES_ROOT\* |
| HKEY_CLASSES_ROOT\*\Clsid |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\ |
| HKEY_CLASSES_ROOT\Directory |
| HKEY_CLASSES_ROOT\Directory\CurVer |
| HKEY_CLASSES_ROOT\Directory\ |
| HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler |
| HKEY_CLASSES_ROOT\Directory\\Clsid |
| HKEY_CLASSES_ROOT\Folder |
| HKEY_CLASSES_ROOT\Folder\Clsid |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks |
| HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32 |
| HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InProcServer32 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers |
| HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes |
| HKEY_LOCAL_MACHINE\Software\Classes |
| \REGISTRY\USER |
| HKEY_LOCAL_MACHINE\Software\Classes\CLSID |
| CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} |
| CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32 |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServerX86 |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer32 |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandler32 |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandlerX86 |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} |
| HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} |
| CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC} |
| CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC} |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServer32 |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServerX86 |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer32 |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandler32 |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandlerX86 |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC} |
| HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\12.0\Groove |
| HKEY_CURRENT_USER\SOFTWARE\Groove Networks, Inc.\Groove |
| HKEY_LOCAL_MACHINE\SOFTWARE\Groove Networks, Inc.\Groove |
| HKEY_LOCAL_MACHINE\SOFTWARE\Groove.OldData |
| HKEY_CURRENT_USER\SOFTWARE\Groove.OldData |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Groove\InstallRoot |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Groove |
| CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458} |
| CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458} |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServer32 |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServerX86 |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer32 |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandler32 |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandlerX86 |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458} |
| HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs |
| CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221} |
| CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221} |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServerX86 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer32 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandler32 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandlerX86 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221} |
| HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations |
| HKEY_CLASSES_ROOT\.ade |
| HKEY_CLASSES_ROOT\.adp |
| HKEY_CLASSES_ROOT\.app |
| HKEY_CLASSES_ROOT\.asp |
| HKEY_CLASSES_ROOT\.bas |
| CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} |
| CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs |
| \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} |
| \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 |
| \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServerX86 |
| \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer32 |
| \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32 |
| \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandlerX86 |
| \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} |
| HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs |
| HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Ranges\ |
| HKEY_LOCAL_MACHINE\System\Setup |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\0 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
| HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\ |
| HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\C\ |
| HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\ |
| HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\C |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\C |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\LevelObjects |
| {dda3f824-d8cb-441b-834d-be2efd2c1a33} |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004 |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 001 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Internet Explorer\Security |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{000C10F1-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{06C9E010-38CE-11D4-A2A3-00104BD35090} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{1A610570-38CE-11D4-A2A3-00104BD35090} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllIsMyFileType2 |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option |
| HKEY_CLASSES_ROOT\batfile\\shell\open |
| HKEY_CLASSES_ROOT\batfile\\shell\open\command |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\32.bat |
| HKEY_CLASSES_ROOT\batfile\\shell\open\ddeexec |
| HKEY_CLASSES_ROOT\Applications\32.bat |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
| HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\FD95D1E9-385F-3719-2A81-EC5BFE45E0BF |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName |
| ActiveComputerName |
| CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4} |
| CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\TreatAs |
| \CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4} |
| \CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32 |
| \CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServerX86 |
| \CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\LocalServer32 |
| \CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocHandler32 |
| \CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocHandlerX86 |
| \CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4} |
| HKEY_CLASSES_ROOT\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\TreatAs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List |
| CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2} |
| CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\TreatAs |
| \CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2} |
| \CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocServer32 |
| \CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocServerX86 |
| \CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\LocalServer32 |
| \CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocHandler32 |
| \CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocHandlerX86 |
| \CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2} |
| HKEY_CLASSES_ROOT\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\TreatAs |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B83AF3AB-4FED-45D1-A8B8-9E66F3411813} |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\MS TCP Loopback interface |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF |
| HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared |
| HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\FD95D1E9-385F-3719-2A81-EC5BFE45E0BF\Run |
| CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4} |
| CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\TreatAs |
| \CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4} |
| \CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\InprocServer32 |
| \CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\InprocServerX86 |
| \CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\LocalServer32 |
| \CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\InprocHandler32 |
| \CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\InprocHandlerX86 |
| \CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4} |
| HKEY_CLASSES_ROOT\CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\TreatAs |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Preconfigured |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Preconfigured\Active Directory GC |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Preconfigured\Bigfoot |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Preconfigured\VeriSign |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\VeriSign |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Preconfigured\WhoWhere |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Shared |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express |
| CLSID\{7165C8AB-AF88-42BD-86FD-5310B4285A02} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\WAB\DLLPath |
| HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4 |
| HKEY_CURRENT_USER\Software\Microsoft\WAB\Wab File Name |
| HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Environment |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Volatile Environment |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections |
| HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_URLHOSTNAME |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\fioartd.com |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fioartd.com |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache |
| CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA} |
| CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\TreatAs |
| \CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA} |
| \CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\InprocServer32 |
| \CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\InprocServerX86 |
| \CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\LocalServer32 |
| \CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\InprocHandler32 |
| \CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\InprocHandlerX86 |
| \CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA} |
| HKEY_CLASSES_ROOT\CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\TreatAs |
| HKEY_CURRENT_USER\Identities |
| HKEY_CURRENT_USER\Identities\{48FC7AFE-B9DD-4692-B12E-8A59C42FC44D} |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Identities |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Identities |
| HKEY_CURRENT_USER\Software\Microsoft\Windows Mail |
| HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail |
| HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ |
| HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\currentVersion\Time Zones\W. Europe Standard Time |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\Dynamic DST |
| HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\FD95D1E9-385F-3719-2A81-EC5BFE45E0BF\Files |
Comments
User comments about e195d9547868621b66275aa803420668e84fa213412558848113142df69cb5fc.
User comments about e195d9547868621b66275aa803420668e84fa213412558848113142df69cb5fc.
