b2946daf...3c4d | IOCs
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Dropper
Downloader
Threat Names:
Trojan.GenericKDZ.69442
Trojan.GenericKDZ.69475
Trojan.Agent.EVAV
...

payload_1.doc

Word Document

Created at 2020-08-17T10:01:00

...

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "30 seconds" to "10 seconds" to reveal dormant functionality.

Indicators

File (270)
»
Filename Hash Operations Category Severity
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Qieeyrekuc\xafpqko.exe MD5: 58b7e077fdcaae67670713374fe6e869
SHA1: 2cf12d3b8f62528bc1d02d2fe3b0e5a877676576
SHA256: 37790b6946072ccacb7cf9be694b962deee2c53818449eba20f450389d0cfa4a
SSDeep: 6144:VMhkpTK06/aA6udzpNi1yna2PiQ0erLeROSEGo89QNn/o8S2M1KpWwR+SHvRu4Tr:VMEK06CmNi1L54Z89QNNpJgC5j
ImpHash: - 		Access, Create, Read Downloaded File
Malicious
C:\Users\FD1HVy\Desktop\payload_1.doc MD5: f05fe39e81df5368c442a13202b4ab53
SHA1: 0087d1d0cdde6268a425ef6d546a77e3a120c0f5
SHA256: b2946daf21b5a0d9c70f32230f6e511ff4aeb939fc8f9a5d372a67f932483c4d
SSDeep: 6144:cfm2kjkjxuWiyKMUsTn8XBlKqqUY1BaE8D7h6JDAm30QWIOtfXuu4MCUlmoykTHt:cfm2hVuW7VgmUYSDevEbIOE7gFywyq+K
ImpHash: - 		Sample File
Malicious
C:\ProgramData\JHJKGHuggUGUGYYuyggg.vbs MD5: ad7b09adba59218ce485148faf21dc82
SHA1: 0a3851f903f7d928688e5ebeee13f6d5d921b4de
SHA256: 214fd312196dd5769f94ed778c50df1eaf49a5c8287c67edcf2fbd05dff02cb2
SSDeep: 1536:TC70ITO1lsleRKby43mmImmmmm/V1GRpCcPh45V7yJVx4wFc4PMo5Y1ns3wt:T5yO1lQ33mmImmmmmd14CTt1ns3wt
ImpHash: - 		Access, Write Dropped File
Blacklisted
vbaProject.bin MD5: cf8c43d0b64478708ccfa80aa8e87bc8
SHA1: aad4fb86e5cc03ded0aeba3e334569e95706b0a7
SHA256: a09c4e6ff2ee16e7b6cd1865e33147711f0f894ce99000937444da61dd36d50e
SSDeep: 1536:37WNeMBHx1GGd+CKtfSo4+oYFNaeI2bsuhNe4VTdRnTT8w4TWnqp:eeA3GGRwfkYFdhNe4VTdRnTT8w4TWnq
ImpHash: - 		Embedded File
Blacklisted
C:\BlotRots\djsfgytdftftyYFGfghffghYYTTT.cmd MD5: 2d63e5c7ff61a560f0cc7dccd0661bf6
SHA1: 995efc69bd84b193786de1a993ad7052f14e9542
SHA256: 94a12075382cb44133ba8dd51973b583d4c2514f7d3d7414ae4d9a92b5354584
SSDeep: 96:YSGSuSQSoSGScCSuSQSoSGScCSuSQSoSGScZNXt2fy8OtSuSQSoSGScCSuSQSoSc:SYfmm
ImpHash: - 		Access, Create, Write Dropped File
Unknown
C:\ProgramData\UIYUIYUIYuiyuiYUIYYuyty.vbs MD5: f07e30c22ead3c49606617eb04fbf9c7
SHA1: 539dbd8cda2c1e6ada7a02e146c33b5aae7b1099
SHA256: 4639cb4ccdef149ef325770ccf4fff658b7cb528d71661113dbfe9e1c683dbf9
SSDeep: 24:v1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1p1:t
ImpHash: - 		Access, Write Dropped File
Unknown
C:\Users\FD1HVy\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache MD5: ee5c425bd4738521f177f2a418bb1745
SHA1: dbfa3fa1dd387290394fdfa19e163a2ef774567a
SHA256: 1675997a7f2dbab63b955889ece8d81e0331e25a0b551f8fd563e04b1bc3cb9e
SSDeep: 768:jUpAa5BHMrxbfrRJPFh48Fq3ThRW/Y+e+jH0qlwKH/mYohV3IpNBQkj2As454Z6D:jUpAa5RMrxbflJdh4thRW/3e+jH0qWKh
ImpHash: - 		Access, Create, Read, Write Modified File
Unknown
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Qieeyrekuc\xafpqko.dat MD5: 2cf2ace32a9a9c6aebed3975a41b1a27
SHA1: d8a1df54794ee12b36051e1a6ae087c0dece6179
SHA256: eed8ec8e5b9e3133ceff1f87e6b4174e99a8029c5d4ab1c6a3953d1a8807cd32
SSDeep: 3:ywhtsGz4/26kbhKjq8+LP35pPsn:yUtsG8Ebh98+L356
ImpHash: - 		Access, Create, Read, Write Dropped File
Unknown
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Qieeyrekuc\xafpqko.dat MD5: 2c863d3b50ac48b86a109f24d84179c6
SHA1: f64fe619cd5de1979287e6f6bf2bc354fbc0b666
SHA256: 9df5fc5f7b4db8881976cc92e377e5d51bcfb74c76b92a965c9e343d47b9cf50
SSDeep: 3:GnvLPCJCQicY2VlvE88MhA55lf0l9PZn:Gv7KCQicY2d8MhA1ynn
ImpHash: - 		Dropped File
Unknown
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Qieeyrekuc\xafpqko.dat MD5: c658fbd34b9297e83d153ef2acc802bf
SHA1: 1627bbc3a3fe41794f59f31699e09c5704c7b3c8
SHA256: b0d2bf6da08350e1bd794d94f09567798e77491658b4a12f1d4baf9e9f228047
SSDeep: 3:wLqwG20JY2VlvE88MhA55lf0l9PZltsrpUHyWhxxLegOUR95HFp8Y79tvLn:wLqwhIY2d8MhA1ynQrmyRgnEY7HL
ImpHash: - 		Dropped File
Unknown
document.xml MD5: b6608e351be97da6ac46b15cdb208f13
SHA1: 98030b0d51b8fb18acbc17eee76ea43c4ad16251
SHA256: 2689c777d804cc65a09bee259cbc39256390c3ad6e9f1794d794e3b1d361d662
SSDeep: 1536:UYRGs41wV1NPAYkD2JDVhGI2JDVPPAYkD2JDVCAYkD2JDVhGaa:CD
ImpHash: - 		Embedded File
Unknown
endnotes.xml MD5: 5da516c9bd0e29ec357c52fcf4a5f5c2
SHA1: 5ead4ecd9b7329c8a80d668be2e1219dd5f4f185
SHA256: 9294de934df9fa2b8aa261e9abf071b5ef2c023e368125a6f23b4a8fdfd598be
SSDeep: 48:cpv+Bc6mNYYNEbz+qliS+Q+H+Uv+L+pNRQmTRQl:Usc6mmY+bzZliSfiZoBhl
ImpHash: - 		Embedded File
Unknown
footnotes.xml MD5: 2282ed85cfc02646ca526f0a14924316
SHA1: 99c1ec3815701a65d2f496296e2bb542e102709c
SHA256: 3c821e90238f6699f44ae71ec451d8ddd6663f60747dbb01dc376e2a118f4086
SSDeep: 48:c4v+Bc6mNYYNEbz+qliS+Q+H+Uv+L+p4zRQ1ITRQh:9sc6mmY+bzZliSfiZoRK1bh
ImpHash: - 		Embedded File
Unknown
image1.png MD5: a867b95c7f735b6ac1f235e4dec72485
SHA1: 854a1a8f5178f6e696bb245007b9903906b4af14
SHA256: fa285309506d70241db1db739c39e428c3eb88dc1229a80bcf15c36f5f71e6c2
SSDeep: 6144:axuWiyKMUsTn8XBlKqqUY1BaE8D7h6JDAm30QWIOtfXuu4MCUlmoykTHSqSrg:muW7VgmUYSDevEbIOE7gFywyqv
ImpHash: - 		Embedded File
Unknown
settings.xml MD5: ac75e026443cd05ae30409eec12d9e10
SHA1: a3dc71d64153da89fc83998fc33c16574dbdc194
SHA256: 8558d5db67061bd559d38e9532fce71240db0f9fe962e6521c2231917b680c1c
SSDeep: 96:+c6mmY+bliStHhm93QxN9xbufLlxzuZRRaKTrIYtisqt99Q4SQga9S:+xmmY+gsHQ9ortisqt99Q4SQga9S
ImpHash: - 		Embedded File
Unknown
C:\BlotRots\Loterios.exe MD5: 159ab34f06af279ef3f57c2ceadb9768
SHA1: dcabf4bba851e92d45e5a60390bb4eb2b1ef5fd4
SHA256: c0f9cc1663b74a106c5c3356988ffa42d64f9c941ef9cb46aabf16ce8a213baf
SSDeep: 384:qP3sr4k8HXLiZi20WSIYWfiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiLiiiiir9:fYig29i
ImpHash: 888263dd2e0b3db374c7948581a974ed 		Access, Create, Write Dropped File
Whitelisted
C:\Users\FD1HVy\AppData\Local\Temp\__PSScriptPolicyTest_gbvqg2du.z4l.ps1 MD5: c4ca4238a0b923820dcc509a6f75849b
SHA1: 356a192b7913b04c54574d18c28d46e6395428ab
SHA256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SSDeep: 3:U:U
ImpHash: - 		Access, Create, Delete, Write Dropped File
Whitelisted
"C:\BlotRots\djsfgytdftftyYFGfghffghYYTTT.cmd" - Access
Not Available
C:\ - Access
Not Available
C:\BlotRots - Access
Not Available
C:\BlotRots\Loterios.exe.cfg - Access
Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.psd1 - Access
Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1 - Access
Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1 - Access
Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psm1 - Access
Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1 - Access
Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psm1 - Access
Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1 - Access
Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1 - Access
Not Available
C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility\Microsoft.PowerShell.Commands.Utility.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.psd1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.cdxml - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.ni.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.psd1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.psm1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.xaml - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Modules.cdxml - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Modules.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Modules.ni.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Modules.psd1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Modules.psm1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Modules.xaml - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadLine.psm1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.psd1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\PSReadLine.psm1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\PSReadline.psd1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.cdxml - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.ni.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.psd1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.psm1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.xaml - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.cdxml - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.ni.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psd1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psm1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.xaml - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psm1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psm1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.cdxml - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.ni.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.psd1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.psm1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.xaml - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.cdxml - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.ni.dll - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psm1 - Access
Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.xaml - Access
Not Available
C:\ProgramData - Access
Not Available
C:\ProgramData\Oracle\Java\javapath - Access
Not Available
C:\Users\FD1HVy - Access
Not Available
C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps - Access
Not Available
C:\Users\FD1HVy\AppData\Local\Microsoft\Windows\PowerShell - Access
Not Available
C:\Users\FD1HVy\AppData\Local\Temp\ - Access
Not Available
C:\Users\FD1HVy\AppData\Local\Temp\VBE - Access, Create
Not Available
C:\Users\FD1HVy\AppData\Local\Temp\Word8.0 - Access, Create
Not Available
C:\Users\FD1HVy\AppData\Local\Temp\~xafpqko.tmp - Access, Create
Not Available
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Qieeyrekuc - Access, Create
Not Available
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Qieeyrekuc\chcwbgvooi.jzc - Access
Not Available
C:\Users\FD1HVy\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 - Access
Not Available
C:\Users\FD1HVy\Documents\WindowsPowerShell\Modules - Access
Not Available
C:\Users\FD1HVy\Documents\WindowsPowerShell\profile.ps1 - Access
Not Available
C:\WINDOWS - Access
Not Available
C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll - Access
Not Available
C:\WINDOWS\SysWOW64\explorer.exe - Access
Not Available
C:\WINDOWS\System32\WScript.exe - Access
Not Available
C:\WINDOWS\System32\Wbem - Access
Not Available
C:\WINDOWS\System32\WindowsPowerShell\v1.0\ - Access
Not Available
C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe - Access
Not Available
C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe.config - Access
Not Available
C:\WINDOWS\System32\calc.exe - Access
Not Available
C:\WINDOWS\system32 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AppBackgroundTask - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AppLocker - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AppLocker\AppLocker.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AppvClient - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AppvClient\AppvClient.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Appx - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Appx\Appx.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AssignedAccess - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitLocker - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\BitsTransfer.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BranchCache - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCache.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\CimCmdlets - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\CimCmdlets\CimCmdlets.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ConfigCI - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Defender - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DeliveryOptimization - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Dism - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Dism\Dism.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DnsClient - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DnsClient\DnsClient.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\EventTracingManagement - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\EventTracingManagement\EventTracingManagement.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ISE - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ISE\ISE.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\International - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\International\International.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Kds - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Kds\Kds.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\MMAgent - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\MSMQ - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\Microsoft.PowerShell.Archive.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Management - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Utility - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Utility\Microsoft.PowerShell.Commands.Utility.dll - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\Microsoft.PowerShell.Diagnostics.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Host - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Host\Microsoft.PowerShell.Host.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Commands.Management.dll - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Commands.Management.dll\Microsoft.PowerShell.Commands.Management.dll - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1 - Access, Read
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\PSGetModuleInfo.xml - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\en-US\Microsoft.PowerShell.Management.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\en\Microsoft.PowerShell.Management.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\Microsoft.PowerShell.ODataUtils.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Commands.Utility.dll - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Commands.Utility.dll\Microsoft.PowerShell.Commands.Utility.dll - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1 - Access, Read
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\PSGetModuleInfo.xml - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\en-US\Microsoft.PowerShell.Utility.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\en\Microsoft.PowerShell.Utility.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\Microsoft.WSMan.Management.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.cdxml - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.dll - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.ni.dll - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.psm1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.xaml - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\MsDtc - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\MsDtc\MsDtc.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetAdapter - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetAdapter\NetAdapter.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetConnection - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetConnection\NetConnection.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetEventPacketCapture - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetEventPacketCapture\NetEventPacketCapture.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetLbfo - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetLbfo\NetLbfo.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetNat - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetNat\NetNat.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetQos - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetQos\NetQos.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetSecurity - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetSecurity.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetSwitchTeam - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetSwitchTeam\NetSwitchTeam.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetTCPIP - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetTCPIP\NetTCPIP.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus\NetworkConnectivityStatus.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetworkSwitchManager - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetworkTransition - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetworkTransition\NetworkTransition.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PKI - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PKI\PKI.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSDiagnostics - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSScheduledJob - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSScheduledJob\PSScheduledJob.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSWorkflow - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSWorkflowUtility - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PcsvDevice - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PnpDevice - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PnpDevice\PnpDevice.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PrintManagement - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\PrintManagement.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Provisioning - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ScheduledTasks - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ScheduledTasks\ScheduledTasks.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SecureBoot - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SecureBoot\SecureBoot.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbWitness - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\StartLayout - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Storage - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Storage\Storage.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\TLS - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\TLS\TLS.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\TroubleshootingPack - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\TroubleshootingPack.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule\TrustedPlatformModule.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\UEV - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\UEV\UEV.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\VpnClient - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\VpnClient\VpnClient.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Wdac - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Wdac\Wdac.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsDeveloperLicense - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsDeveloperLicense\WindowsDeveloperLicense.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\WindowsErrorReporting.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\WindowsErrorReporting.psm1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsSearch - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsUpdate - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsUpdate\WindowsUpdate.psd1 - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\iSCSI - Access
Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\iSCSI\iSCSI.psd1 - Access
Not Available
C:\WINDOWS\system32\cmd.exe - Access
Not Available
C:\WINDOWS\system32\timeout.exe - Access
Not Available
C:\WINDOWS\system32\wldp.dll - Access
Not Available
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config - Access, Read
Not Available
C:\Windows\SysWOW64\cmd.exe - Access
Not Available
C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1 - Access
Not Available
C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 - Access, Read
Not Available
C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1 - Access
Not Available
CONOUT$ - Access
Not Available
Normal - Access
Not Available
\??\C:\BlotRots\djsfgytdftftyYFGfghffghYYTTT.cmd - Access
Not Available
\??\C:\ProgramData\JHJKGHuggUGUGYYuyggg.vbs - Access
Not Available
\??\C:\ProgramData\UIYUIYUIYuiyuiYUIYYuyty.vbs - Access
Not Available
ping.exe - Access
Not Available
Registry (223)
»
Registry Key Name Operations
HKEY_CLASSES_ROOT\.vbs Access, Read
HKEY_CLASSES_ROOT\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\DesignerFeatures Access
HKEY_CLASSES_ROOT\Clsid\{09428D37-E0B9-11D2-B147-00C04F79FAA6} Access
HKEY_CLASSES_ROOT\Clsid\{09AEFF11-69EF-11D3-BD4D-00C04F6EA5AE} Access
HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69} Access
HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\Control Access
HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\Insertable Access
HKEY_CLASSES_ROOT\Clsid\{25B29D27-197E-4E3C-B420-964C8D240142} Access
HKEY_CLASSES_ROOT\Clsid\{47DEA830-D619-4154-B8D8-6B74845D6A2D} Access
HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080} Access
HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080}\Control Access
HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080}\Insertable Access
HKEY_CLASSES_ROOT\Clsid\{5F9CFD93-8CAD-11D3-9A7E-00C04F8EFB70} Access
HKEY_CLASSES_ROOT\Clsid\{61CECF11-FC3A-11D2-A1CD-005004602752} Access
HKEY_CLASSES_ROOT\Clsid\{6342FCED-25EA-4033-BDDB-D049A14382D3} Access
HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100} Access
HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100}\Control Access
HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100}\Insertable Access
HKEY_CLASSES_ROOT\Clsid\{6B28F900-8D64-4B80-9963-CC52DDD1FBB4} Access
HKEY_CLASSES_ROOT\Clsid\{6BF52A52-394A-11D3-B153-00C04F79FAA6} Access
HKEY_CLASSES_ROOT\Clsid\{6BF52A52-394A-11D3-B153-00C04F79FAA6}\Control Access
HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074} Access
HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074}\Control Access
HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074}\Insertable Access
HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074} Access
HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074}\Control Access
HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074}\Insertable Access
HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074} Access
HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074}\Control Access
HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074}\Insertable Access
HKEY_CLASSES_ROOT\Clsid\{8627E73B-B5AA-4643-A3B0-570EDA17E3E7} Access
HKEY_CLASSES_ROOT\Clsid\{8627E73B-B5AA-4643-A3B0-570EDA17E3E7}\Control Access
HKEY_CLASSES_ROOT\Clsid\{87291B51-0C8E-11D3-BB2A-00A0C93CA73A} Access
HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074} Access
HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074}\Control Access
HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074}\Insertable Access
HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074} Access
HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074}\Control Access
HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074}\Insertable Access
HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F} Access
HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\Control Access
HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\Insertable Access
HKEY_CLASSES_ROOT\Clsid\{93EB32F5-87B1-45AD-ACC6-0F2483DB83BB} Access
HKEY_CLASSES_ROOT\Clsid\{95F45AA3-ED0A-11D2-BA67-0000F80855E6} Access
HKEY_CLASSES_ROOT\Clsid\{A8A55FAC-82EA-4BD7-BD7B-11586A4D99E4} Access
HKEY_CLASSES_ROOT\Clsid\{AE3B6831-25A9-11D3-BD41-00C04F6EA5AE} Access
HKEY_CLASSES_ROOT\Clsid\{AE7BFAFE-DCC8-4A73-92C8-CC300CA88859} Access
HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4} Access
HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4}\Control Access
HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4}\Insertable Access
HKEY_CLASSES_ROOT\Clsid\{BAB3768B-8883-4AEC-9F9B-E14C947913EF} Access
HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32 Access
HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32\ThreadingModel Access, Read
HKEY_CLASSES_ROOT\Clsid\{D50FED35-0A08-4B17-B3E0-A8DD0EDE375D} Access
HKEY_CLASSES_ROOT\Clsid\{D50FED35-0A08-4B17-B3E0-A8DD0EDE375D}\Control Access
HKEY_CLASSES_ROOT\Clsid\{D50FED35-0A08-4B17-B3E0-A8DD0EDE375D}\Insertable Access
HKEY_CLASSES_ROOT\Clsid\{D9DE732A-AEE9-4503-9D11-5605589977A8} Access
HKEY_CLASSES_ROOT\Clsid\{DDDA102E-0E17-11D3-A2E2-00C04F79F88E} Access
HKEY_CLASSES_ROOT\Clsid\{ECF44975-786E-462F-B02A-CBCCB1A2C4A2} Access
HKEY_CLASSES_ROOT\Clsid\{ECF44975-786E-462F-B02A-CBCCB1A2C4A2}\Control Access
HKEY_CLASSES_ROOT\Clsid\{ECF44975-786E-462F-B02A-CBCCB1A2C4A2}\Insertable Access
HKEY_CLASSES_ROOT\Clsid\{F2BF2C90-405F-11D3-BB39-00A0C93CA73A} Access
HKEY_CLASSES_ROOT\Clsid\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Access
HKEY_CLASSES_ROOT\Clsid\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\Control Access
HKEY_CLASSES_ROOT\Clsid\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\Insertable Access
HKEY_CLASSES_ROOT\Clsid\{FC1880CF-83B9-43A7-A066-C44CE8C82583} Access
HKEY_CLASSES_ROOT\Licenses Access
HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7 Access, Read
HKEY_CLASSES_ROOT\TypeLib Access
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} Access
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 Access
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 Access
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 Access, Read
HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} Access
HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2 Access
HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9 Access
HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64 Access, Read
HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} Access
HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 Access
HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 Access
HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64 Access, Read
HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409 Access
HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\9 Access
HKEY_CLASSES_ROOT\TypeLib\{0AF7F3BE-8EA9-4816-889E-3ED22871FE05} Access
HKEY_CLASSES_ROOT\TypeLib\{0AF7F3BE-8EA9-4816-889E-3ED22871FE05}\1.0 Access
HKEY_CLASSES_ROOT\TypeLib\{0AF7F3BE-8EA9-4816-889E-3ED22871FE05}\1.0\0 Access
HKEY_CLASSES_ROOT\TypeLib\{0AF7F3BE-8EA9-4816-889E-3ED22871FE05}\1.0\0\win64 Access, Read
HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} Access
HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0 Access
HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0 Access
HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64 Access, Read
HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} Access
HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 Access
HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 Access
HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 Access, Read
HKEY_CLASSES_ROOT\TypeLib\{6BF52A50-394A-11D3-B153-00C04F79FAA6} Access
HKEY_CLASSES_ROOT\TypeLib\{6BF52A50-394A-11D3-B153-00C04F79FAA6}\1.0 Access
HKEY_CLASSES_ROOT\TypeLib\{6BF52A50-394A-11D3-B153-00C04F79FAA6}\1.0\0 Access
HKEY_CLASSES_ROOT\TypeLib\{6BF52A50-394A-11D3-B153-00C04F79FAA6}\1.0\0\win32 Access, Read
HKEY_CLASSES_ROOT\TypeLib\{6BF52A50-394A-11D3-B153-00C04F79FAA6}\1.0\0\win64 Access, Read
HKEY_CLASSES_ROOT\VBSFile\ScriptEngine Access, Read
HKEY_CURRENT_USER Access
HKEY_CURRENT_USER\Environment Access
HKEY_CURRENT_USER\Environment\PSMODULEPATH Access, Read
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CodeIntegrity Access
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings Access
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\AmsiEnable Access, Read
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Access
HKEY_CURRENT_USER\Software\Microsoft\Command Processor Access
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common Access, Create
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\AlignToGrid Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BackGroundCompile Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BackgroundProjectLoad Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BreakOnAllErrors Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BreakOnServerErrors Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\CollapseWindows Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\CompileOnDemand Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\CtlsShowSelected Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\Designers Access
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\Dock Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\DsnShowSelected Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\FolderView Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\GridHeight Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\GridWidth Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\MainWindow Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\MdiMaximized Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\NotifyUserBeforeStateLoss Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\PropertiesWindow Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\ReadOnlyMode Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\RequireDeclaration Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\SaveBeforeRun Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\ShowGrid Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\ShowToolTips Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\Tool Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\ToolboxControls Access
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\UI Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\UpgradeVBX Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\VbaCapability Access, Read
HKEY_CURRENT_USER\Software\Microsoft\VBA\VBE\6.0\Addins64 Access
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings Access, Create
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\DisplayLogo Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\Enabled Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\LogSecuritySuccesses Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\Timeout Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\TrustPolicy Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\UseWINSAFER Access, Read
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ConsoleSessionConfiguration Access
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging Access
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging Access
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\Transcription Access
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System Access
HKEY_LOCAL_MACHINE Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\LegacyWPADSupport Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\PipelineMaxStackSizeMB Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1051304884-625712362-2192934891-1000 Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1051304884-625712362-2192934891-1000\ProfileImagePath Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\Dynamic DST Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Display Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Dlt Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Std Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\TZI Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Access
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DefaultTTL Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine Access
HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine\ApplicationBase Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\InstallationType Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings Access, Create
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\DisplayLogo Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\Enabled Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\IgnoreUserSettings Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\LogSecuritySuccesses Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\Timeout Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\TrustPolicy Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\UseWINSAFER Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WSMAN Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WSMAN\ServiceStackVersion Access, Read
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ConsoleSessionConfiguration Access
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging Access
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging Access
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\Transcription Access
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Winevt\Publishers\{816ebd75-f7ab-59c0-e2f0-bddfeed66ac2} Access
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment Access
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PSMODULEPATH Access, Read
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\__PSLockdownPolicy Access, Read
HKEY_PERFORMANCE_DATA Access
Mutex (5)
»
Mutex Name Operations
Access
Global\{4D1D9C61-769F-4781-A3DF-A2E3ACFF6A77} Access
Global\{A2BFDB87-353A-4FF0-949C-48D58EAD9552} Access
Global\{A7769AE9-77E1-4B28-9E3D-FAC58A61B7B9} Access
pptfigba Access
Domain (1)
»
Domain Sources Severity
rijschoolfastandserious.nl Function Log, PCAP
Unknown
URL (1)
»
URL Operations Category Severity
http://rijschoolfastandserious.nl/rprmloaw/111111.png GET Contacted
Blacklisted
IP (2)
»
IP Protocols Sources
127.0.0.1 DNS Function Log
185.104.29.52 DNS, TCP, HTTP Function Log, PCAP
Export to TXT Export to JSON
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image