ThreatScope Analysis Report

For file setup.exe uploaded 2013-02-21 at 12:07:53 PM

Threat level: Suspicious

This file is suspicious. Monitor communications from any machine that has run the file to detect suspicious behavior.

Threat Assessment

Traffic to uncategorized server

Writes to the filesystem in a directory of the user profile

Screenshots: None

File details:

Hash MD5: 994da098a62905385af8481329bf7c70
Hash SHA-1: f6775d66ef5e1ce35634a0def4b2d4200e2d3b60
Hash SHA-256: 44cf474a2c89e50159978444f82d66af2f199c653c46caaa9405d144031d5baa
File size: 40.35 KB
File uploaded: 2013-02-21 12:07:53 PM
Report created: 2013-02-21 12:12:00 PM

Technical Details

Requested HTTP URLs

The analyzed file requests the following URLs. Column key: Details may include the user agent string, HTTP server, or encryption information; Status is the response type (e.g. 200, meaning OK) followed by the size of the response; MIME is the server-declared content type followed by the true content type.

Every request in this table was sent with the user agent string Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1); the HTTP server column gives the server recorded for the response, where the report records one.

URL | IP address | Country | Category | HTTP server | Method | Status | Size | MIME
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
eastsidetennisassociation.com/l.htm?hFqr4tvhGj57grWwoDtPZ | 74.220.215.229 | United States | Uncategorized | Apache | GET | 404 | 171 B | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
eastsidetennisassociation.com/l.htm?hFqr4tvhGj57grWwoDtPZ | 74.220.215.229 | United States | Uncategorized | | GET | 0 | 0 B |
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
envirsoft.com/d.htm?VoUmsBHlhbbrTbr8AolmxD7tAnNU46HflGvxC | 174.120.29.2 | United States | Uncategorized | Apache | GET | 404 | 171 B | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
envirsoft.com/d.htm?VoUmsBHlhbbrTbr8AolmxD7tAnNU46HflGvxC | 174.120.29.2 | United States | Uncategorized | Apache | GET | 404 | 171 B | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
envirsoft.com/d.htm?VoUmsBHlhbbrTbr8AolmxD7tAnNU46HflGvxC | 174.120.29.2 | United States | Uncategorized | Apache | GET | 404 | 171 B | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
eastsidetennisassociation.com/l.htm?hFqr4tvhGj57grWwoDtPZ | 74.220.215.229 | United States | Uncategorized | | GET | 0 | 0 B |
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
beautiesofcanada.com/o.htm?25Ub7VRjcdPiIe6AtioksNHqthWfVz | 66.96.145.104 | United States | Uncategorized | Nginx / Varnish | GET | 404 | 160 B | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
magasin-shop.com/r.htm?btGLbzRP4ZECQXReSXgrX2mzBMFpC2sBNu | 66.96.160.143 | United States | Uncategorized | Nginx / Varnish | GET | 404 | 160 B | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
eastsidetennisassociation.com/l.htm?hFqr4tvhGj57grWwoDtPZ | 74.220.215.229 | United States | Dynamic Content | | GET | 0 | 0 B |
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
eastsidetennisassociation.com/l.htm?hFqr4tvhGj57grWwoDtPZ | 74.220.215.229 | United States | Uncategorized | Apache | GET | 404 | 516 B | text/html
couche-transport.comlu.com/j.htm?PA4uvjgpHpfFDLH24ubAHTpb | 31.170.161.96 | United States | Entertainment | Apache | GET | 302 | 0 B | text/html
envirsoft.com/d.htm?VoUmsBHlhbbrTbr8AolmxD7tAnNU46HflGvxC | 174.120.29.2 | United States | Dynamic Content | Apache | GET | 404 | 171 B | text/html
error404.000webhost.com/cpu-limit-reached.html | 31.170.164.249 | United Kingdom | Web Hosting | Apache | GET | 200 | 12.96 KB | text/html
envirsoft.com/d.htm?VoUmsBHlhbbrTbr8AolmxD7tAnNU46HflGvxC | 174.120.29.2 | United States | Uncategorized | Apache | GET | 404 | 171 B | text/html
envirsoft.com/d.htm?VoUmsBHlhbbrTbr8AolmxD7tAnNU46HflGvxC | 174.120.29.2 | United States | Uncategorized | | GET | 0 | 0 B |

Resolved hostnames

The analyzed file used DNS to resolve the following hostnames.

Hostname | Category | IP address
couche-transport.comlu.com | Entertainment | 31.170.161.96
error404.000webhost.com | Web Hosting | 31.170.164.249
magasin-shop.com | Uncategorized | 66.96.160.143
beautiesofcanada.com | Uncategorized | 66.96.145.104
eastsidetennisassociation.com | Uncategorized | 74.220.215.229
envirsoft.com | Uncategorized | 174.120.29.2

IP addresses

The analyzed file requests the following IP addresses.

IP Address | ASN | Country
31.170.161.96 | AS47583 Hostinger International Limited | United States
31.170.164.249 | AS47583 Hostinger International Limited | United Kingdom
74.220.215.229 | AS46606 Unified Layer | United States
174.120.29.2 | AS21844 ThePlanet.com Internet Services, Inc. | United States
66.96.145.104 | AS29873 The Endurance International Group, Inc. | United States
66.96.160.143 | AS29873 The Endurance International Group, Inc. | United States

File system modifications

The analyzed file changes the following items in the file system. This type of change can be performed by both malicious and benign files.

Event | File path
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#D.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#4.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#5.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#8.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#2.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#E.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#1.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#F.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#9.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#A.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#11.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#C.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#10.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#7.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#6.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#3.tmp
Writes file | \Device\HarddiskVolume1\Documents and Settings\victimo\Local Settings\Temp\~!#B.tmp

Process modifications

The analyzed file affected the following system processes.

Event | File path
Creates process | \Device\HarddiskVolume1\WINDOWS\system32\wscntfy.exe
Creates process | \Device\HarddiskVolume1\WINDOWS\system32\rundll32.exe
Creates process | \Device\HarddiskVolume1\WINDOWS\Temp\f6775d66ef5e1ce35634a0def4b2d4200e2d3b60.exe
Creates process | \Device\HarddiskVolume1\WINDOWS\explorer.exe

Registry

The analyzed file made the following changes to the Windows Registry. Malicious files often alter the registry to ensure that the malicious software runs at system startup. The report shows an empty Data field for every entry below.

Event | Key
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Adds/Sets value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6ac2bc2-bb99-11e1-9e4a-806d6172696f}\BaseClass
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6ac2bc0-bb99-11e1-9e4a-806d6172696f}\BaseClass
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy

Global system events

No global system events were detected.

Websense has made an effort to determine whether your submission is malicious; however, Websense cannot guarantee the accuracy of the result.