ThreatScope Analysis Report

For file 86c79538598f06754fd20027705b740444616834 uploaded 2013-11-06 at 01:22:48 PM

Threat level: Suspicious

This file is suspicious. Monitor communications from any machine that has run the file to detect suspicious behavior.

Threat Assessment

Writes to the filesystem in a directory of the user profile often used by malware

Executes the Windows command shell program

Screenshots:

File details:

Hash MD5:       5ba7ed3956f76df0e12b8ae7985aa171
Hash SHA-1:     373038c199efffd7c35d624e374af32ab1cd3f04
Hash SHA-256:   8ae9d6a7e0ed2cb2818ea5b26a3b6fffe51b01637e84e9a1f503a718ca1e1448
File size:      282.22 KB
File uploaded:  2013-11-06 01:22:48 PM
Report created: 2013-11-06 01:22:50 PM

Technical Details

Requested HTTP URLs

No HTTP communications were detected.

Resolved hostnames

DNS was not used to resolve any hostnames.

IP addresses

No IP addresses were requested.

File system modifications

The analyzed file changes the following items in the file system. This type of change can be performed by both malicious and benign files.

Event | File path
Writes file | C:\Documents and Settings\victimo\Application Data\Microsoft\Templates\~$Normal.dotm
Writes file | C:\Documents and Settings\victimo\Application Data\Microsoft\Office\Recent\victimo.LNK
Writes file | C:\Documents and Settings\victimo\Application Data\Microsoft\Office\Recent\ISI.LNK
Writes file | C:\Documents and Settings\victimo\Application Data\Microsoft\Office\Recent\index.dat
Writes file | C:\Documents and Settings\victimo\Start Menu\Programs\Startup\HddLink.lnk
Writes file | C:\Documents and Settings\victimo\Updates.exe
Writes file | C:\Documents and Settings\victimo\ISI.doc
Writes file | C:\Documents and Settings\victimo\Local Settings\Temp\HddLink.lnk
Writes file | C:\Documents and Settings\victimo\Start Menu\Programs\Startup\HddLink.lnk
Writes file | C:\Documents and Settings\victimo\Application Data\Microsoft\Templates\~$Normal.dotm
Writes file | C:\Documents and Settings\victimo\Local Settings\Temporary Internet Files\Content.Word\~WRS{753D413B-B3E6-4B99-B4AE-E794E98CCE15}.tmp
Writes file | C:\Documents and Settings\victimo\Local Settings\Temp\iconfall.log
Writes file | C:\Documents and Settings\victimo\~$ISI.doc
Writes file | C:\Documents and Settings\victimo\Application Data\Microsoft\Office\Recent\victimo.LNK
Writes file | C:\Documents and Settings\victimo\Application Data\Microsoft\Office\Recent\ISI.LNK
Writes file | C:\Documents and Settings\victimo\Application Data\Microsoft\Office\Recent\index.dat

Process modifications

The analyzed file affected the following system processes.

Event | File path
Creates process | C:\WINDOWS\explorer.exe
Creates process | C:\WINDOWS\Temp\373038c199efffd7c35d624e374af32ab1cd3f04.exe
Creates process | C:\Documents and Settings\victimo\Updates.exe
Creates process | C:\WINDOWS\system32\cmd.exe
Creates process | C:\WINDOWS\system32\xcopy.exe
Creates process | C:\WINDOWS\system32\cmd.exe
Creates process | C:\WINDOWS\system32\xcopy.exe
Creates process | C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
Creates process | C:\WINDOWS\system32\cmd.exe
Creates process | C:\WINDOWS\system32\ipconfig.exe
Creates process | C:\WINDOWS\system32\wbem\wmiadap.exe
Creates process | C:\WINDOWS\system32\wbem\wmiprvse.exe

Registry

The analyzed file made the following changes to the Windows Registry. Malicious files often alter the registry to ensure that the malicious software runs at system startup. Entries whose Data is marked "(not shown)" had no value displayed in the report.

Event | Key | Data
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed | (not shown)
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed | (not shown)
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\WinRAR SFX\C%%Documents and Settings%victimo | C:\Documents and Settings\victimo
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal | C:\Documents and Settings\victimo\My Documents
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\BaseClass | Drive
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\BaseClass | Drive
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents | C:\Documents and Settings\All Users\Documents
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop | C:\Documents and Settings\victimo\Desktop
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop | C:\Documents and Settings\All Users\Desktop
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData | C:\Documents and Settings\All Users\Application Data
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData | C:\Documents and Settings\victimo\Local Settings\Application Data
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass | 1
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName | 1
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet | 1
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect | 1
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache | C:\Documents and Settings\victimo\Local Settings\Temporary Internet Files
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies | C:\Documents and Settings\victimo\Cookies
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\victimo\Updates.exe | Windows NT Application
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119E20000000000000000F01FEC\Usage\WORDFiles | 1130627088
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed | (not shown)
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup | C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup | C:\Documents and Settings\victimo\Start Menu\Programs\Startup
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\BaseClass | Drive
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\BaseClass | Drive
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal | C:\Documents and Settings\victimo\My Documents
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents | C:\Documents and Settings\All Users\Documents
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop | C:\Documents and Settings\victimo\Desktop
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop | C:\Documents and Settings\All Users\Desktop
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu | C:\Documents and Settings\victimo\Start Menu
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Start Menu | C:\Documents and Settings\All Users\Start Menu
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData | C:\Documents and Settings\All Users\Application Data
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData | C:\Documents and Settings\victimo\Application Data
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Pictures | C:\Documents and Settings\victimo\My Documents\My Pictures
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonPictures | C:\Documents and Settings\All Users\Documents\My Pictures
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonMusic | C:\Documents and Settings\All Users\Documents\My Music
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonVideo | C:\Documents and Settings\All Users\Documents\My Videos
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass | 1
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName | 1
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet | 1
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect | 1
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache | C:\Documents and Settings\victimo\Local Settings\Temporary Internet Files
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies | C:\Documents and Settings\victimo\Cookies
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed | (not shown)
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed | (not shown)
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed | (not shown)
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed | (not shown)
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Microsoft Office\Office12\WINWORD.EXE | Microsoft Office Word
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed | (not shown)
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\$-# | (not shown)
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Office\12.0\Common\LanguageResources\EnabledLanguages\1033 | Off
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119E20000000000000000F01FEC\Usage\WORDFiles | 1130627089
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119E20000000000000000F01FEC\Usage\ProductFiles | 1130627086
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData | C:\Documents and Settings\victimo\Application Data
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData | C:\Documents and Settings\All Users\Application Data
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Office\12.0\Word\MTTT | (not shown)
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119E20000000000000000F01FEC\Usage\EXCELFiles | 1130627087
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed | (not shown)
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\<.# | (not shown)
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed | (not shown)
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop | C:\Documents and Settings\victimo\Desktop
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\BaseClass | Drive
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\BaseClass | Drive
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal | C:\Documents and Settings\victimo\My Documents
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents | C:\Documents and Settings\All Users\Documents
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop | C:\Documents and Settings\All Users\Desktop
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache | C:\Documents and Settings\victimo\Local Settings\Temporary Internet Files
Adds/Sets value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryCount | 16
Adds/Sets value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\TypesSupported | 7
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData | C:\Documents and Settings\victimo\Local Settings\Application Data
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Office\12.0\Common\Licensing\0638C49DBB8B4CD1B191051E8F325736 | (not shown)
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\w0# | (not shown)
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Office\12.0\Common\ReviewCycle\ReviewToken | {15E198C0-11D4-40E4-9AD8-B06DBBC8BAD8}
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Office\12.0\Word\File MRU\Item 1 | [F00000000][T01CED9AB100C2730]*C:\Documents and Settings\victimo\ISI.doc
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Office\12.0\Word\Resiliency\DocumentRecovery\549E\549E | (not shown)
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F100A0C00000000000F01FEC\Usage\SpellingAndGrammarFiles_3082 | 1130627076
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10090400000000000F01FEC\Usage\SpellingAndGrammarFiles_1033 | 1130627077
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F100C0400000000000F01FEC\Usage\SpellingAndGrammarFiles_1036 | 1130627077
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu | C:\Documents and Settings\victimo\Start Menu
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Start Menu | C:\Documents and Settings\All Users\Start Menu
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Pictures | C:\Documents and Settings\victimo\My Documents\My Pictures
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonPictures | C:\Documents and Settings\All Users\Documents\My Pictures
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonMusic | C:\Documents and Settings\All Users\Documents\My Music
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonVideo | C:\Documents and Settings\All Users\Documents\My Videos
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies | C:\Documents and Settings\victimo\Cookies
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.0\1033\Options Version | 1
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.0\1033\Option Set 0\Name | Grammar & Style
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.0\1033\Option Set 0\Data | (not shown)
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.0\1033\Option Set 1\Name | Grammar Only
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.0\1033\Option Set 1\Data | (not shown)
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History | C:\Documents and Settings\victimo\Local Settings\History
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy | 1
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable | 0
Adds/Sets value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable | 0
Adds/Sets value | \REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings | (not shown)
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed | (not shown)
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed | (not shown)
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\WINDOWS\system32\advapi32.dll[MofResourceName] | LowDateTime:-403963648,HighDateTime:29653437***Binary mof compiled successfully
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\WINDOWS\system32\DRIVERS\ACPI.sys[ACPIMOFResource] | LowDateTime:-1419454208,HighDateTime:29653422***Binary mof compiled successfully
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\WINDOWS\system32\DRIVERS\mssmbios.sys[MofResource] | LowDateTime:721069056,HighDateTime:29653439***Binary mof compiled successfully
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\WINDOWS\system32\DRIVERS\pcntpci5.sys[NdisMofResource] | LowDateTime:-1403039488,HighDateTime:29435602***Binary mof compiled successfully
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\WINDOWS\system32\DRIVERS\ipnat.sys[IPNATMofResource] | LowDateTime:1215513088,HighDateTime:29653422***Binary mof compiled successfully
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\WINDOWS\System32\Drivers\HTTP.sys[UlMofResource] | LowDateTime:-1564486912,HighDateTime:29653421***Binary mof compiled successfully
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Updating | WmiApRpl
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last Counter | 3360
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last Help | 3361
Adds/Sets value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl\Performance\Last Counter | 3366
Adds/Sets value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl\Performance\Last Help | 3367
Adds/Sets value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl\Performance\First Counter | 3362
Adds/Sets value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl\Performance\First Help | 3363
Adds/Sets value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl\Performance\Object List | 3362
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\WINDOWS\system32\advapi32.dll[MofResourceName] | LowDateTime:-403963648,HighDateTime:29653437***Binary mof compiled successfully
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\WINDOWS\system32\DRIVERS\ACPI.sys[ACPIMOFResource] | LowDateTime:-1419454208,HighDateTime:29653422***Binary mof compiled successfully
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\WINDOWS\system32\DRIVERS\mssmbios.sys[MofResource] | LowDateTime:721069056,HighDateTime:29653439***Binary mof compiled successfully
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\WINDOWS\system32\DRIVERS\ipnat.sys[IPNATMofResource] | LowDateTime:1215513088,HighDateTime:29653422***Binary mof compiled successfully
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\WINDOWS\System32\Drivers\HTTP.sys[UlMofResource] | LowDateTime:-1564486912,HighDateTime:29653421***Binary mof compiled successfully
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\WINDOWS\system32\DRIVERS\pcntpci5.sys[NdisMofResource] | LowDateTime:-1403039488,HighDateTime:29435602***Binary mof compiled successfully
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance\Performance Refresh | 0
Adds/Sets value | \REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance\Performance Refreshed | 1

Global system events

No global system events were detected.

Forcepoint has made an effort to determine if your submission is malicious; however, Forcepoint cannot guarantee the accuracy of the result.