xyz.exe is usually located in the 'c:\downloads\' folder.
Some of the anti-virus scanners at VirusTotal detected xyz.exe.
xyz.exe is not signed.
42 of the 64 anti-virus programs at VirusTotal detected the xyz.exe file. That's a 66% detection rate.
| Scanner | Detection Name |
|---|---|
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Strictor.127840 |
| AhnLab-V3 | Trojan/Win32.PcClient.C11136 |
| ALYac | Gen:Variant.Strictor.127840 |
| Antiy-AVL | Trojan/Win32.Occamy |
| Arcabit | Trojan.Strictor.D1F360 |
| Avast | Win32:Trojan-gen |
| AVG | Win32:Trojan-gen |
| Avira | TR/Crypt.XPACK.Gen |
| BitDefender | Gen:Variant.Strictor.127840 |
| CAT-QuickHeal | Trojan.Multi |
| ClamAV | Win.Trojan.Packed-126 |
| Comodo | TrojWare.Win32.Swizzor.~d001@1qm878 |
| CrowdStrike | win/malicious_confidence_80% (W) |
| Cybereason | malicious.52961d |
| Cyren | W32/Heuristic-162!Eldorado |
| DrWeb | Trojan.Hosts.45662 |
| Emsisoft | Gen:Variant.Strictor.127840 (B) |
| Endgame | malicious (high confidence) |
| ESET-NOD32 | a variant of Win32/HackTool.Delf.NDZ |
| Fortinet | W32/Delf.NDZ!tr |
| GData | Gen:Variant.Strictor.127840 |
| K7AntiVirus | Hacktool ( 004f99941 ) |
| K7GW | Hacktool ( 004f99941 ) |
| MAX | malware (ai score=100) |
| McAfee | RDN/Generic PUP.z |
| McAfee-GW-Edition | RDN/Generic PUP.z |
| Microsoft | Trojan:Win32/Occamy.C |
| MicroWorld-eScan | Gen:Variant.Strictor.127840 |
| Paloalto | generic.ml |
| Panda | Malicious Packer |
| Qihoo-360 | HEUR/QVM19.1.B00C.Malware.Gen |
| SentinelOne | static engine - malicious |
| Sophos | Mal/Packer |
| Symantec | Infostealer.Gamania |
| Tencent | Win32.Trojan.Xed.Wpsr |
| TotalDefense | Win32/AlexProtect!packed |
| Trapmine | suspicious.low.ml.score |
| VBA32 | Win32.Trojan.Hoster.Heur |
| VIPRE | Trojan.Win32.Generic!BT |
| Yandex | Packed/PE-Armor |
| ZoneAlarm | UDS:DangerousObject.Multi.Generic |
The following information was gathered by executing the file inside Cuckoo Sandbox.
Successfully executed process in sandbox.
{
"file_recreated": [
"\\??\\{EF381EA0-4D07-418D-A490-68AF67CE948B}",
"C:\\Windows\\System32\\drivers\\etc\\hosts"
],
"dll_loaded": [
"gdiplus.dll",
"winmm.dll",
"kernel32.dll",
"UxTheme.dll",
"oleaut32.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"WS2_32.DLL",
"libeay32.dll",
"comdlg32.dll",
"C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"OLEAUT32.DLL",
"comctl32",
"ws2_32.dll",
"IMM32.dll",
"C:\\Windows\\system32\\IMM32.DLL",
"olepro32.dll",
"version.dll",
"uxtheme.dll",
"wsock32.dll",
"ssleay32.dll",
"comctl32.dll",
"shell32.dll",
"user32.dll"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1937a456c75b5dd28cb95eec2694bdaf4fcec8e301dd3a32a225d450c02ff71b.bin",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Windows\\System32\\drivers\\etc\\hosts",
"\\??\\PhysicalDrive0"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\Software\\Borland\\Locales",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.gadget",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.application",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.usr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.lgn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.rtf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.desklink",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xbap",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ADTS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.psd1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ex_",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wdp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.vcproj",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.H1S",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cmd",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\image\/gif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sst",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.H1Q",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.exe",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\image\/x-jg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.aif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pdf",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\image\/x-icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wri",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.nls",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.exp"
],
"resolves_host": [
"ip.taobao.com",
"www.ip138.com",
"ip.aliyun.com",
"whois.pconline.com.cn"
],
"file_written": [
"C:\\Windows\\System32\\drivers\\etc\\hosts"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1937a456c75b5dd28cb95eec2694bdaf4fcec8e301dd3a32a225d450c02ff71b.ini"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1937a456c75b5dd28cb95eec2694bdaf4fcec8e301dd3a32a225d450c02ff71b.bin",
"C:\\Windows\\System32\\drivers\\etc\\hosts"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/mpeg\\Extension",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/postscript\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/aiff\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\x-pkcs7-certificates\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-informationCard\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-mpegurl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-wav\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/mp4\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/3gpp2\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/basic\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\vnd.ms-pki.certstore\\Extension",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-CN",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/msvideo\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-mpeg2a\\Extension",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/3gpp\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-mplayer2\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-mid\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-ms-asf-plugin\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/mp4\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/mac-binhex40\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\vnd.ms-pki.pko\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\midi\/mid\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/pkcs7-signature\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\model\/vnd.eprtx+xps\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-ms-wax\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Tahoma",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\vnd.ms-pki.seccat\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/mpeg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/gif\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-wmf\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/atom+xml\\Extension",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server\\TSUserEnabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-pkcs12\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-ms-wvx\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-ms-license\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-ms-asf\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\x-x509-ca-cert\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-compressed\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-ms-wmz\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/vnd-ms.click2record+xml\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-zip-compressed\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/xaml+xml\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/xml\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-x509-ca-cert\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/mid\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/3gpp\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/vnd.ms-pki.certstore\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/pkcs7-mime\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-ms-wmx\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-wmplayer\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\model\/vnd.edrwx+xps\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/png\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/x-vcard\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-pkcs7-certreqresp\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-aiff\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/pjpeg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-midi\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-ms-wma\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/quicktime\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/vnd.ms-pki.pko\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-png\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/midi\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-latex\\Extension",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-CN",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-jg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-mp3\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/pkix-crl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/jpeg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/3gpp2\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/vnd.dlna.adts\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/plain\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-ms-wmv\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/mpg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\pkix-crl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\message\/rfc822\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-msvideo\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-icon\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/scriptlet\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\model\/vnd.dwfx+xps\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-stuffit\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-jtx+xps\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/pkix-cert\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/opensearchdescription+xml\\Extension",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-tar\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\PageAllocatorSystemHeapIsPrivate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/wav\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/x-ms-contact\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/vnd.dlna.mpeg-tts\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/html\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\x-pkcs7-certreqresp\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/pkcs10\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/avi\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/tiff\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/vnd.ms-wpl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\PageAllocatorUseSystemHeap",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards\\12\\ServiceName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/fractals\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/mp3\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/xml\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-pkcs7-certificates\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/x-component\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards\\8\\ServiceName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/x-scriptlet\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/vnd.ms-pki.seccat\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-ms-xbap\\Extension",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-complus\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-troff-man\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\x-pkcs12\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-compress\\Extension",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server\\TSAppCompat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-mix-transfer\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-ms-wmd\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\vnd.ms-pki.stl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\pkcs7-signature\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/mpegurl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/vnd.ms-pki.stl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/rss+xml\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\nnbrowser\\path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-gzip\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\pkix-cert\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\model\/vnd.easmx+xps\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/mpg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-mpeg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-ms-application\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-mpg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/bmp\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/hta\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/vnd.ms-xpsdocument\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\pkcs10\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/css\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-ms-wm\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\pkcs7-mime\\Extension",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-mpeg\\Extension"
],
"directory_enumerated": [
"",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\rename.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\browser\\nnbrowser.exe.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\browser\\nnbrowser.exe",
"C:\\Windows\\System32\\drivers\\etc\\hosts",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\download.tmp"
]
}
[
{
"yara": [],
"sha1": "7ebdcc09654a2acb6d0809be383a00f2bd24ef23",
"name": "96e112bfdea0f928_hosts",
"filepath": "C:\\Windows\\System32\\drivers\\etc\\hosts",
"type": "ASCII text, with CRLF line terminators",
"sha256": "96e112bfdea0f9283c5439654c4cb07e8d0fd00fef28d939f4904d68ce78ba80",
"urls": [],
"crc32": "239D44CB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10244\/files\/96e112bfdea0f928_hosts",
"ssdeep": null,
"size": 927,
"sha512": "aa03bc915ae96bbfb8c5f30389c7a6a37b3a12de9203db4bace1c951c981f567924f779f90d342b63e685e0b9c856a374432ac7e345ef81ccf00f3c0d582e515",
"pids": [
2308
],
"md5": "ccd0a09b34f934b12481ace8a97bcb51"
}
]
[
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1603284787.578125,
"ppid": 376
},
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\1937a456c75b5dd28cb95eec2694bdaf4fcec8e301dd3a32a225d450c02ff71b.bin",
"process_name": "1937a456c75b5dd28cb95eec2694bdaf4fcec8e301dd3a32a225d450c02ff71b.bin",
"pid": 2308,
"summary": {
"file_recreated": [
"\\??\\{EF381EA0-4D07-418D-A490-68AF67CE948B}",
"C:\\Windows\\System32\\drivers\\etc\\hosts"
],
"dll_loaded": [
"gdiplus.dll",
"winmm.dll",
"kernel32.dll",
"UxTheme.dll",
"oleaut32.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"WS2_32.DLL",
"libeay32.dll",
"comdlg32.dll",
"C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"OLEAUT32.DLL",
"comctl32",
"ws2_32.dll",
"IMM32.dll",
"C:\\Windows\\system32\\IMM32.DLL",
"olepro32.dll",
"version.dll",
"uxtheme.dll",
"wsock32.dll",
"ssleay32.dll",
"comctl32.dll",
"shell32.dll",
"user32.dll"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1937a456c75b5dd28cb95eec2694bdaf4fcec8e301dd3a32a225d450c02ff71b.bin",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Windows\\System32\\drivers\\etc\\hosts",
"\\??\\PhysicalDrive0"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sql",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.TTS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.csa",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.csv",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.css",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mpeg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.grp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.psm1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.resmoncfg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cxx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.UDL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.H1F",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mcl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.bmp",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/pkcs10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xlb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xlc",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/msvideo",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-ms-license",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.obj",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.latex",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\x-x509-ca-cert",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.bas",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.H1H",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.bat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ans",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.swf",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\x-pkcs12",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.bsc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dl_",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.tli",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ani",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pmc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pma",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.3g2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pml",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pmr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ttc",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-compress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xhtml",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\text\/scriptlet",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xlt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.movie",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.group",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.fky",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.text",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-latex",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\text\/plain",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.snd",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.kci",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ai",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.der",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/x-mpegurl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.contact",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.3gp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xls",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xsd",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cab",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.webpnp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.def",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.hlp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cat",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/3gpp2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.au",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.local",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.WMD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.vspscc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.vssscc",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/mpg",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-gzip",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\image\/x-wmf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.WMS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.VBE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.M2TS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.vcf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.prc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.prf",
"HKEY_LOCAL_MACHINE\\Software\\nnbrowser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ogg",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/x-mpg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.oga",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.tsv",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sed",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.tsp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ogv",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\model\/vnd.edrwx+xps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.themepack",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.rpc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.diagcfg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.DVR-MS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.in_",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pdb",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/mp4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.drv",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ini",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/basic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.inl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.inc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.evtx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.inf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.gif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.inx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ttf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.inv",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.aspx",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\model\/vnd.eprtx+xps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.M2V",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.M2T",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-x509-ca-cert",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.db",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/atom+xml",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wsz",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/xml",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.reg",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/hta",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.eyb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.spc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.res",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wsc",
"HKEY_CURRENT_USER\\Software\\Borland\\Delphi\\Locales",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\vnd.ms-pki.pko",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.aiff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.aifc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards\\12",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\image\/jpeg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xht",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.tar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.shtm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.eps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.osdx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.fon",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/vnd.ms-wpl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.tab",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.compositefont",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.jtx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sbr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.iso",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.jtp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wab",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-jtx+xps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.3gp2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.search-ms",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\vnd.ms-pki.certstore",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wav",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.oc_",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.nvr",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/x-mpeg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.slupkg-ms",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-stuffit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.tiff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ocx",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-ms-application",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dos",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dot",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.3gpp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.qds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.doc",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/pkix-crl",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\image\/x-png",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.rle",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.faq",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.jod",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sym",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.webm",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/x-mid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.msrcincident",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sys",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-pkcs7-certificates",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sor",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\model\/vnd.dwfx+xps",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/x-midi",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.html",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\x-pkcs7-certreqresp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.etp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.hdp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sol",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards\\8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.MOD",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\model\/vnd.easmx+xps",
"HKEY_CLASSES_ROOT\\.386",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/x-wav",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.rat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.tlh",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ncb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.avi",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.tlb",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\text\/html",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/pkcs7-mime",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/vnd.ms-pki.certstore",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cpl",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-complus",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cpp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.jfif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.bkf",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-wmplayer",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/mac-binhex40",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.jpg",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-mix-transfer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.jpe",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\text\/x-scriptlet",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/vnd.dlna.adts",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.p12",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.p10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mp4v",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/rss+xml",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mapimail",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\pkix-crl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.zfsendtotarget",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-tar",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/x-ms-asf-plugin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.RDP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.rsp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pch",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\vnd.ms-pki.seccat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.jbf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.label",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/fractals",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cod",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.msdvd",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.lst",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.stm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.stl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.com",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/vnd.ms-pki.pko",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/quicktime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wmdb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dct",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.plg",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\x-pkcs7-certificates",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.m3u",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/mpg",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/xaml+xml",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/x-mpeg2a",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/mpeg",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\text\/xml",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\text\/css",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.zip",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/x-ms-asf",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/postscript",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.scf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.scd",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.fnd",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.scc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sch",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sct",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.scr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.scp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ADT",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\pkix-cert",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.vbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.vbx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.theme",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.rc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mov",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.user",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mht",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.odh",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.odl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.odc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sc2",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.odt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.chk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.lnk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xslt",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\image\/pjpeg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.chm",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/midi",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ibq",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\vnd.ms-pki.stl",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\text\/vnd-ms.click2record+xml",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.jnt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.asmx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.z96",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.printerExport",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pot",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.vob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.diagcab",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.Job",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-informationCard",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.gz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.perfmoncfg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.WSH",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.fif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.manifest",
"HKEY_CURRENT_USER\\Software\\Borland\\Locales",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.art",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.WSF",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-compressed",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.rc2",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/opensearchdescription+xml",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\pkcs10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wpl",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/x-ms-wvx",
"HKEY_CLASSES_ROOT\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mlc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cdmp",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/pkix-cert",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mhtml",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-troff-man",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sfcache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.c",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/x-ms-wma",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.a",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.h",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.i",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.vxd",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.s",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\text\/x-vcard",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.z",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.x",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wlt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.msu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.msp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pfx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.jav",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.diagpkg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pfm",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/x-mpeg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.msc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.msi",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xrm-ms",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wtx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ilk",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/mpeg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.msg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.bcp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.DVR",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/pkcs7-signature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ps1xml",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.js",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\image\/tiff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cls",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.WTV",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.c2r",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.p7m",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dbg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dib",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.p7c",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.p7b",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.lib",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.appref-ms",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pko",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.camp",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/vnd.ms-xpsdocument",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.p7s",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.p7r",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.library-ms",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.vbproj",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.msstyles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.tdl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.vsscc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.URL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.php3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xsl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cgm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.docx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.java",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cur",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pyc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.m4p",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pyo",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/3gpp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pyw",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wcx",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/vnd.ms-pki.stl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mpe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mpg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mpa",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ppt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.hxx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mig",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.diz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mp4",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-ms-wmz",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/x-ms-wm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mp3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mp2",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/x-mp3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.log",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pbk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mv",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.udf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wma",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mak",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/vnd.ms-pki.seccat",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-pkcs7-certreqresp",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/x-ms-wmx",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/x-ms-wmv",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.rll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.hqx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dwfx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.rul",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/3gpp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sit",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\text\/x-component",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.gmmp",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\pkcs7-signature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.asm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.asa",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.asc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.asf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.nfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.asx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.tgz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.TS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.asp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.crds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sy_",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.csproj",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.psc1",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-ms-wmd",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.rgs",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\message\/rfc822",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.fnt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sr_",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.txt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.crd",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.m4v",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.crl",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/x-ms-wax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.MTS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.m4a",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.crt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.m4b",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.udt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.shtml",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wbcat",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-zip-compressed",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\image\/bmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mpv2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xml",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mp2v",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/3gpp2",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-ms-xbap",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.man",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.jpeg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.H1W",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.H1V",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dsw",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.H1T",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.htx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dsp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ghi",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.htt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.img",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.htw",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.imc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.viw",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.H1D",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.H1C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dsn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.H1K",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.hta",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/avi",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.htc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.icc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.IVF",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\pkcs7-mime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.icl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.icm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ico",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ics",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/wav",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/x-aiff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.midi",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pnf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.png",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.idq",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/mp4",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\image\/png",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.eprtx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.idl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wvx",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/mpegurl",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/mp3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.m1v",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.blg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.evt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xix",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/vnd.dlna.mpeg-tts",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\text\/x-ms-contact",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.aps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.rct",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cda",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xaml",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/mid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ps1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.srf",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-pkcs12",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.edrwx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cdx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.py",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.trg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.m14",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mmf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.easmx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.emf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.JSE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.searchConnector-ms",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.AAC",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wmf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.psd",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/x-mplayer2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.mydocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wmv",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wmx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wmz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.hhc",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\audio\/aiff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.tif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.rmi",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.otf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.hpp",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\midi\/mid",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\video\/x-msvideo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ascx",
"HKEY_LOCAL_MACHINE\\Software\\Borland\\Locales",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.gadget",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.application",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.usr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.lgn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.rtf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.desklink",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.xbap",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ADTS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.psd1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ex_",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wdp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.vcproj",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.H1S",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.cmd",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\image\/gif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.sst",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.H1Q",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.exe",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\image\/x-jg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.aif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.pdf",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\image\/x-icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.wri",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.nls",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.dat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.ext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\.exp"
],
"resolves_host": [
"ip.taobao.com",
"www.ip138.com",
"ip.aliyun.com",
"whois.pconline.com.cn"
],
"file_written": [
"C:\\Windows\\System32\\drivers\\etc\\hosts"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1937a456c75b5dd28cb95eec2694bdaf4fcec8e301dd3a32a225d450c02ff71b.ini"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1937a456c75b5dd28cb95eec2694bdaf4fcec8e301dd3a32a225d450c02ff71b.bin",
"C:\\Windows\\System32\\drivers\\etc\\hosts"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/mpeg\\Extension",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/postscript\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/aiff\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\x-pkcs7-certificates\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-informationCard\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-mpegurl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-wav\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/mp4\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/3gpp2\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/basic\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\vnd.ms-pki.certstore\\Extension",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-CN",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/msvideo\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-mpeg2a\\Extension",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/3gpp\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-mplayer2\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-mid\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-ms-asf-plugin\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/mp4\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/mac-binhex40\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\vnd.ms-pki.pko\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\midi\/mid\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/pkcs7-signature\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\model\/vnd.eprtx+xps\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-ms-wax\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Tahoma",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\vnd.ms-pki.seccat\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/mpeg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/gif\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-wmf\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/atom+xml\\Extension",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server\\TSUserEnabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-pkcs12\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-ms-wvx\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-ms-license\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-ms-asf\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\x-x509-ca-cert\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-compressed\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-ms-wmz\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/vnd-ms.click2record+xml\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-zip-compressed\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/xaml+xml\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/xml\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-x509-ca-cert\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.386\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/mid\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/3gpp\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/vnd.ms-pki.certstore\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/pkcs7-mime\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-ms-wmx\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-wmplayer\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\model\/vnd.edrwx+xps\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/png\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/x-vcard\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-pkcs7-certreqresp\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-aiff\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/pjpeg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-midi\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-ms-wma\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/quicktime\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/vnd.ms-pki.pko\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-png\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/midi\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-latex\\Extension",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-CN",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-jg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-mp3\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/pkix-crl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/jpeg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/3gpp2\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/vnd.dlna.adts\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/plain\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-ms-wmv\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/mpg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\pkix-crl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\message\/rfc822\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-msvideo\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-icon\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/scriptlet\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\model\/vnd.dwfx+xps\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-stuffit\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-jtx+xps\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/pkix-cert\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/opensearchdescription+xml\\Extension",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-tar\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\PageAllocatorSystemHeapIsPrivate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/wav\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/x-ms-contact\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/vnd.dlna.mpeg-tts\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/html\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\x-pkcs7-certreqresp\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/pkcs10\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/avi\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/tiff\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/vnd.ms-wpl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\PageAllocatorUseSystemHeap",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards\\12\\ServiceName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/fractals\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/mp3\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/xml\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-pkcs7-certificates\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/x-component\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards\\8\\ServiceName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/x-scriptlet\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/vnd.ms-pki.seccat\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-ms-xbap\\Extension",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-complus\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-troff-man\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\x-pkcs12\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-compress\\Extension",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server\\TSAppCompat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-mix-transfer\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-ms-wmd\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\vnd.ms-pki.stl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\pkcs7-signature\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/mpegurl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/vnd.ms-pki.stl\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/rss+xml\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\nnbrowser\\path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-gzip\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\pkix-cert\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\model\/vnd.easmx+xps\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/mpg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-mpeg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/x-ms-application\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-mpg\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/bmp\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/hta\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application\/vnd.ms-xpsdocument\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\pkcs10\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text\/css\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\video\/x-ms-wm\\Extension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\pkcs7-mime\\Extension",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\audio\/x-mpeg\\Extension"
],
"directory_enumerated": [
"",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\rename.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\browser\\nnbrowser.exe.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\browser\\nnbrowser.exe",
"C:\\Windows\\System32\\drivers\\etc\\hosts",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\download.tmp"
]
},
"first_seen": 1603284787.765625,
"ppid": 3040
}
][
{
"markcount": 1,
"families": [],
"description": "The executable contains unknown PE section names indicative of a packer (could be a false positive)",
"severity": 1,
"marks": [
{
"category": "section",
"ioc": "",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "pe_features"
},
{
"markcount": 1,
"families": [],
"description": "The executable uses a known packer",
"severity": 1,
"marks": [
{
"category": "packer",
"ioc": "PE-Armor 0.46 -> Hying",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "peid_packer"
},
{
"markcount": 63,
"families": [],
"description": "One or more processes crashed",
"severity": 1,
"marks": [
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "0\nx\n2\nb\n0\n0\n2\n3",
"registers": {
"esp": 1638272,
"edi": 0,
"eax": 3741784,
"ebp": 1636532,
"edx": 0,
"ebx": 0,
"esi": 0,
"ecx": 0
},
"exception": {
"instruction_r": "f7 f1 e9 e8 05 00 00 00 0f 01 eb 05 e8 eb fb 00",
"instruction": "div ecx",
"exception_code": "0xc0000094",
"symbol": "",
"address": "0x3918a5"
}
},
"time": 1603284787.859625,
"tid": 1664,
"flags": {}
},
"pid": 2308,
"type": "call",
"cid": 50
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "0\nx\n2\nb\n0\n0\n2\n3",
"registers": {
"esp": 1638272,
"edi": 0,
"eax": 0,
"ebp": 1636532,
"edx": 2008902349,
"ebx": 1637148,
"esi": 0,
"ecx": 3741822
},
"exception": {
"instruction_r": "ad cd 20 eb 01 0f 31 f0 eb 0c 33 c8 eb 03 eb 09",
"instruction": "lodsd eax, dword ptr [esi]",
"exception_code": "0xc0000005",
"symbol": "",
"address": "0x3918de"
}
},
"time": 1603284787.859625,
"tid": 1664,
"flags": {}
},
"pid": 2308,
"type": "call",
"cid": 51
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "0\nx\n2\nb\n0\n0\n2\n3",
"registers": {
"esp": 1638272,
"edi": 0,
"eax": 3742053,
"ebp": 1636532,
"edx": 2008902349,
"ebx": 0,
"esi": 0,
"ecx": 0
},
"exception": {
"instruction_r": "ad cd 20 e8 16 00 00 00 8b 5c 24 0c 8b a3 c4 00",
"instruction": "lodsd eax, dword ptr [esi]",
"exception_code": "0xc0000005",
"symbol": "",
"address": "0x39198a"
}
},
"time": 1603284787.859625,
"tid": 1664,
"flags": {}
},
"pid": 2308,
"type": "call",
"cid": 52
}
],
"references": [],
"name": "raises_exception"
},
{
"markcount": 1,
"families": [],
"description": "Allocates read-write-execute memory (usually to unpack itself)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2308,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x005f0000"
},
"time": 1603284787.937625,
"tid": 1664,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2308,
"type": "call",
"cid": 787
}
],
"references": [],
"name": "allocates_rwx"
},
{
"markcount": 14,
"families": [],
"description": "Foreign language identified in PE resource",
"severity": 2,
"marks": [
{
"name": "RT_BITMAP",
"language": "LANG_CHINESE",
"offset": "0x001929d4",
"filetype": "GLS_BINARY_LSB_FIRST",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000000e8"
},
{
"name": "RT_BITMAP",
"language": "LANG_CHINESE",
"offset": "0x001929d4",
"filetype": "GLS_BINARY_LSB_FIRST",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000000e8"
},
{
"name": "RT_BITMAP",
"language": "LANG_CHINESE",
"offset": "0x001929d4",
"filetype": "GLS_BINARY_LSB_FIRST",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000000e8"
},
{
"name": "RT_BITMAP",
"language": "LANG_CHINESE",
"offset": "0x001929d4",
"filetype": "GLS_BINARY_LSB_FIRST",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000000e8"
},
{
"name": "RT_BITMAP",
"language": "LANG_CHINESE",
"offset": "0x001929d4",
"filetype": "GLS_BINARY_LSB_FIRST",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000000e8"
},
{
"name": "RT_BITMAP",
"language": "LANG_CHINESE",
"offset": "0x001929d4",
"filetype": "GLS_BINARY_LSB_FIRST",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000000e8"
},
{
"name": "RT_BITMAP",
"language": "LANG_CHINESE",
"offset": "0x001929d4",
"filetype": "GLS_BINARY_LSB_FIRST",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000000e8"
},
{
"name": "RT_BITMAP",
"language": "LANG_CHINESE",
"offset": "0x001929d4",
"filetype": "GLS_BINARY_LSB_FIRST",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000000e8"
},
{
"name": "RT_BITMAP",
"language": "LANG_CHINESE",
"offset": "0x001929d4",
"filetype": "GLS_BINARY_LSB_FIRST",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000000e8"
},
{
"name": "RT_BITMAP",
"language": "LANG_CHINESE",
"offset": "0x001929d4",
"filetype": "GLS_BINARY_LSB_FIRST",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000000e8"
},
{
"name": "RT_BITMAP",
"language": "LANG_CHINESE",
"offset": "0x001929d4",
"filetype": "GLS_BINARY_LSB_FIRST",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000000e8"
},
{
"name": "RT_ICON",
"language": "LANG_CHINESE",
"offset": "0x00192abc",
"filetype": "dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000025a8"
},
{
"name": "RT_GROUP_ICON",
"language": "LANG_CHINESE",
"offset": "0x001a519c",
"filetype": "MS Windows icon resource - 1 icon, 48x48",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x00000014"
},
{
"name": "RT_MANIFEST",
"language": "LANG_CHINESE",
"offset": "0x001a51b0",
"filetype": "XML 1.0 document, ASCII text, with CRLF line terminators",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x0000035d"
}
],
"references": [],
"name": "origin_langid"
},
{
"markcount": 3,
"families": [],
"description": "The binary likely contains encrypted or compressed data indicative of a packer",
"severity": 2,
"marks": [
{
"entropy": 7.934429520660801,
"section": {
"size_of_data": "0x000bea00",
"virtual_address": "0x00001000",
"entropy": 7.934429520660801,
"name": "",
"virtual_size": "0x0018f000"
},
"type": "generic",
"description": "A section with a high entropy has been found"
},
{
"entropy": 7.644406101027968,
"section": {
"size_of_data": "0x00001c00",
"virtual_address": "0x001bf000",
"entropy": 7.644406101027968,
"name": "",
"virtual_size": "0x00002000"
},
"type": "generic",
"description": "A section with a high entropy has been found"
},
{
"entropy": 0.9,
"type": "generic",
"description": "Overall entropy of this PE file is high"
}
],
"references": [
"http:\/\/www.forensickb.com\/2013\/03\/file-entropy-explained.html",
"http:\/\/virii.es\/U\/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
],
"name": "packer_entropy"
}
]
The Yara rules did not detect anything in the file.
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 546,
"time": 3.0795037746429443,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 5226,
"time": 9.080390930175781,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7070,
"time": 3.021692991256714,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7398,
"time": 1.0205469131469727,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7726,
"time": 3.0346829891204834,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8054,
"time": 1.6534039974212646,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8382,
"time": -0.0912320613861084,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 8710,
"time": 1.5793969631195068,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 28120,
"time": 1.037604808807373,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 36504,
"time": 3.1096339225769043,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "da8de7ce94f8f667a9083b123c24be17b2e82f2995c4f7c4f8f178da18da572e",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "b2fb4f15059f5ebc9355146fad30e8cc24cc487bd9f5d45f0979b5432215260a",
"irc": [],
"https_ex": []
}



The instructions below show how to remove xyz.exe with the FreeFixer removal tool. In short: install FreeFixer, scan your computer, check the xyz.exe file for removal, restart your computer, and scan it again to verify that xyz.exe has been successfully removed. Here are the removal instructions in more detail:
| Property | Value |
|---|---|
| MD5 | d9018fb52961d3075d13da12748124f5 |
| SHA256 | 1937a456c75b5dd28cb95eec2694bdaf4fcec8e301dd3a32a225d450c02ff71b |
These are some of the error messages that can appear related to xyz.exe:
xyz.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
xyz.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
xyz.exe has stopped working.
End Program - xyz.exe. This program is not responding.
xyz.exe is not a valid Win32 application.
xyz.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.