Threat Analysis Report: Hash Values File Details Environment

The document provides a threat analysis report for a potentially malicious file. It details technical information like file hashes and size. Behavioral analysis uncovered various concerning activities including hiding content, modifying system settings and connecting to risky URLs. The report analyzes the file's processes, timeline of activity and interactions with the system registry and network.


McAfee Advanced Threat Defense | Threat Analysis Report

File Name: FL-674681.vbs
Threat Level: ⬤ 5 - Very High
Malware Name: TYPE_TROJAN
Engine: GTI File Reputation
File Submitted: 2021-04-13 01:36:49 UTC
Processing Time: 45 seconds
File Size: 3,881 bytes
Sandbox Replication: 35 seconds

Hash Values

MD5 Hash Identifier: CAB106D7952A5C11AEF886E3F6F692B3
SHA-1 Hash Identifier: 9E0E0FAB2ABB794571EA9BD6B57E5DACA3908FF7
SHA-256 Hash Identifier: F114827BC079CF5A923F7E3AD74EF399AEDF0225D23EA7039A3DD68866664340

File Details

File Type: ASCII text

Environment

Microsoft Windows 7 Professional Service Pack 1 (build 7601, version 6.1.7601), 64-bit
Windows® Internet Explorer version: 8.0.7601.17514
Microsoft Office version: 2007
PDF Reader version: 11.0
No Flash player installed
Flash player plugin version: 22.0.0.209
Platform Version: 4.12.0.7
Detection Package Version: 4.12.0.201112

Behavior Classification

Behavior | Severity

Hiding, Camouflage, Stealthiness, Detection and Removal Protection | ⬤ 2 - Low
    Modified time attribute of the specified file after its creation | ⬤ 2 - Low
    Attempted to execute service | ⬤ 2 - Low
Security Solution / Mechanism bypass, termination and removal, Anti Debugging, VM Detection | ⬤ 2 - Low
    Created named mutex object | ⬤ 2 - Low
    Obtained user's logon name | ⬤ 1 - Informational
Spreading | ⬤ 2 - Low
    Hid content by modifying its attributes | ⬤ 2 - Low
    Read data from a handle opened on previous URL's request | ⬤ 1 - Informational
Networking | ⬤ 2 - Low
    Queried for system network configuration information | ⬤ 2 - Low
    Modified INTERNET_OPTION_CONNECT_RETRIES: number of times that WinInet attempts to resolve and connect to a host | ⬤ 2 - Low
    Downloaded data from a webserver | ⬤ 2 - Low
    Connected to a specific service provider | ⬤ 2 - Low
    Altered Web Proxy Auto-Discovery Protocol (WPAD) for rerouting of the network traffic | ⬤ 2 - Low
    Read data from a handle opened on previous URL's request | ⬤ 1 - Informational
    Queried for information related to data transfer size limits | ⬤ 1 - Informational
    Cracks a URL into its component parts | ⬤ 1 - Informational
Exploiting, Shellcode | ⬤ Unverified
Persistence, Installation Boot Survival | ⬤ Unverified
Data spying, Sniffing, Keylogging, Ebanking Fraud | ⬤ Unverified

GTI Web/URL Reputation

Connected Sites: 10

URL | Port | Reputation | Category Name | Risk Group and Functional Group (as printed)

185.216.113.80 | 20480 | High Risk | Malicious Sites | Security Risk/Fraud/Crime
98.124.253.210 | 20480 | Unverified Risk | --- | --- ---
ALUCMUHENDISLIK.COM | 80 | High Risk | Malicious Sites | Security Risk/Fraud/Crime
ALUCMUHENDISLIK.COM/JHGCD476334? | 80 | High Risk | Malicious Sites | Security Risk/Fraud/Crime
HEXACAM.COM | 80 | High Risk | Malicious Sites | Security Risk/Fraud/Crime
HEXACAM.COM/JHGCD476334? | 80 | High Risk | Malicious Sites | Security Risk/Fraud/Crime
WIN-AUPGCV3CTSS | 80 | Unknown Risk | --- | --- ---
WWW.ALUCMUHENDISLIK.COM.TR | 80 | Clean | Business Information | Business/Services
YAMANASHI-JYUJIN.JP | 80 | Minimal Risk | Fashion/Beauty | Productivity Purchasing
YAMANASHI-JYUJIN.JP/JHGCD476334? | 80 | Medium Risk | PUPs | Security Risk/Fraud/Crime

Processes Analyzed

Name | Reason | Severity

FL-674681.vbs | loaded by MATD Analyzer | ⬤ 2 - Low

Timeline Activity

[Timeline chart: activity of FL-674681.vbs by category (Processes, Files, Registry Operations, Network Operations, Multiple Operations); x-axis: offset in seconds, 0 to 21]

Timeline Activity Details

Time Offset | Event | Operation | Details (for registry reads, modifications and deletions the value name follows the key after " : ")

00:00:000 | Registry | Opened | HKLM\Software\Microsoft\Windows Script Host\Settings
00:00:000 | Registry | Opened | HKCU\Software\Microsoft\Windows Script Host\Settings
00:00:000 | Registry | Read | HKCU\Software\Microsoft\Windows Script Host\Settings : Enabled
00:00:000 | Registry | Read | HKLM\Software\Microsoft\Windows Script Host\Settings : Enabled
00:00:000 | Registry | Read | HKLM\Software\Microsoft\Windows Script Host\Settings : IgnoreUserSettings
00:00:016 | Registry | Read | HKLM\Software\Microsoft\Windows Script Host\Settings : TrustPolicy
00:00:016 | Registry | Read | HKCU\Software\Microsoft\Windows Script Host\Settings : LogSecuritySuccesses
00:00:016 | Registry | Created | HKLM\Software\Microsoft\Windows Script Host\Settings
00:00:016 | Registry | Created | HKCU\Software\Microsoft\Windows Script Host\Settings
00:00:016 | Registry | Read | HKCU\Software\Microsoft\Windows Script Host\Settings : DisplayLogo
00:00:016 | Registry | Read | HKCU\Software\Microsoft\Windows Script Host\Settings : Timeout
00:00:016 | Registry | Read | HKLM\Software\Microsoft\Windows Script Host\Settings : UseWINSAFER
00:00:016 | File Operations, miscellaneous | - | Retrieved the full path for the module
00:00:016 | Registry | Read | HKCU\Software\Microsoft\Windows Script Host\Settings : UseWINSAFER
00:00:016 | Registry | Read | HKLM\Software\Microsoft\Windows Script Host\Settings : Timeout
00:00:016 | Registry | Read | HKLM\Software\Microsoft\Windows Script Host\Settings : LogSecuritySuccesses
00:00:016 | Files Read | - | C:\bfzpaudfpy\266c0929-6165-4669-9237-ebf1f5d56fcc.vbs
00:00:016 | Thread | Created | d22f25
00:00:016 | Registry | Read | HKLM\Software\Microsoft\Windows Script Host\Settings : DisplayLogo
00:00:016 | Registry | Read | HKCU\Software\Microsoft\Windows Script Host\Settings : TrustPolicy
00:00:032 | Registry | Read | HKCR\VBSFile\ScriptEngine : Default
00:00:032 | Registry | Opened | HKCR\VBSFile\ScriptEngine
00:00:032 | Registry | Opened | HKCR\.vbs
00:00:032 | Registry | Read | HKCR\.vbs : Default
00:00:032 | Files Read | Opened (8000000) | C:\bfzpaudfpy\266c0929-6165-4669-9237-ebf1f5d56fcc.vbs
00:00:032 | Others | - | Retrieved information about a locale specified by an identifier
00:00:032 | Process | Created | {6C736DB1-BD94-11D0-8A23-00AA00B58E10}
00:00:032 | Memory Mapped Files | - | Created a file that can be used for memory mapping
00:00:032 | Process | Created | {B54F3741-5B07-11CF-A4B0-00AA004A55E8}
00:00:047 | File Operations, miscellaneous | - | Obtained the path of the Windows system directory
00:00:079 | Process | Created | {06290BD1-48AA-11D2-8432-006008C3FBFC}
00:00:094 | Process | Created | {00000323-0000-0000-C000-000000000046}
00:00:157 | File Operations, miscellaneous | - | Searched a directory for the name: C:\Users\ADMINI~1
00:00:157 | File Operations, miscellaneous | - | Searched a directory for the name: C:\Users
00:00:157 | File Operations, miscellaneous | - | Retrieved the path of the directory designated for temporary files
00:00:157 | File Operations, miscellaneous | - | Obtained a set of FAT file system attributes for a file or directory

00:00:172 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : DisablePassport
00:00:172 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : IdnEnabled
00:00:172 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : FromCacheTimeout
00:00:172 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : EnableNegotiate
00:00:172 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies : PerUserItem
00:00:172 | Registry | Opened | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
00:00:172 | Registry | Opened | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
00:00:172 | Registry | Opened | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
00:00:172 | Registry | Opened | HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
00:00:172 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : DisableKeepAlive
00:00:172 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : DisableBasicOverClearChannel
00:00:172 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : ClientAuthBuiltInUI
00:00:172 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : CacheMode
00:00:172 | Registry | Opened | HKCU\Software\Policies
00:00:172 | Registry | Opened | HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
00:00:172 | Registry | Opened | HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
00:00:172 | Registry | Opened | HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
00:00:172 | Registry | Opened | HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
00:00:172 | Registry | Opened | HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
00:00:172 | Registry | Opened | HKLM\Software
00:00:172 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl
00:00:172 | Registry | Opened | HKLM\Software\Policies\Microsoft\Internet Explorer
00:00:172 | Registry | Opened | HKLM\Software\Policies
00:00:172 | Registry | Opened | HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
00:00:172 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
00:00:172 | Others | - | Retrieved the user's logon name
00:00:172 | Others | - | Obtained information about an access token
00:00:172 | Process Operations, miscellaneous | - | Opened the access token associated with a process
00:00:172 | Process Operations, miscellaneous | - | Deactivated the activation context corresponding to the specified cookie
00:00:172 | File Operations, miscellaneous | - | Obtained path of the folder from its CLSID
00:00:172 | Registry | Created | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
00:00:172 | Registry | Read | HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content : PerUserItem
00:00:172 | Registry | Read | HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache : SessionStartTimeDefaultDeltaSecs
00:00:172 | Registry | Opened | HKCU\Software
00:00:172 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : SyncMode5
00:00:172 | Registry | Read | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl : Feature_ClientAuthCertFilter
00:00:172 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content : PerUserItem
00:00:172 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content : CachePrefix
00:00:172 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content : CacheLimit
00:00:172 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache : Signature
00:00:172 | Registry | Read | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl : Feature_ClientAuthCertFilter
00:00:188 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History : PerUserItem
00:00:188 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History : CachePrefix
00:00:188 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History : CacheLimit
00:00:188 | Registry | Opened | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
00:00:188 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies : CachePrefix
00:00:188 | Registry | Read | HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies : PerUserItem
00:00:188 | Registry | Read | HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History : PerUserItem
00:00:188 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies : CacheLimit
00:00:188 | Registry | Opened | HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
00:00:204 | Files Read & Write | Created (10000000) | C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
00:00:204 | Process Operations, miscellaneous | - | Set a waiting mode until a specified object is in the signaled state or the time-out interval elapses
00:00:204 | Files Read & Write | Created (10000000) | C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
00:00:204 | Files Read & Write | Created (10000000) | C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
00:00:204 | Files | Modified | C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\, attribute: Hidden & System & NotContentIndex
00:00:204 | Files | Modified | C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\, attribute: Hidden & System & NotContentIndex
00:00:204 | Files | Modified | C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\, attribute: Hidden & System & NotContentIndex
00:00:204 | Memory Mapped Files | - | Opened a named file-mapping object
00:00:204 | File Operations, miscellaneous | - | Set the date and time of a file or directory

00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE: : CachePath
00:00:219 | Registry | Opened | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE: : CacheOptions
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE: : CacheLimit
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012021012020210121 : CacheRepair
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012021012020210121 : CachePrefix
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012021012020210121 : CachePath
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012021012020210121 : CacheOptions
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012021012020210121 : CacheLimit
00:00:219 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
00:00:219 | Registry | Opened | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
00:00:219 | Registry | Opened | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012021012020210121
00:00:219 | Registry | Opened | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:
00:00:219 | Registry | Opened | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE: : CacheRepair
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE: : CachePrefix
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat : CacheLimit
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat : CacheOptions
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat : CachePath
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat : CachePrefix
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat : CacheRepair
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld : CacheLimit
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld : CacheOptions
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld : CachePath
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld : CachePrefix
00:00:219 | Registry | Read | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld : CacheRepair
00:00:219 | Others | - | Expanded environment-variable strings and replace them with the values defined for the current use
00:00:219 | Others | - | Initialized a critical section object and set the spin count for the critical section
00:00:219 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
00:00:235 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
00:00:235 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
00:00:235 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
00:00:235 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_LONG_INTERNATIONAL_FILENAMES
00:00:235 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608
00:00:235 | Registry | Opened | HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
00:00:235 | Registry | Opened | HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
00:00:235 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
00:00:235 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
00:00:235 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
00:00:235 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
00:00:235 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
00:00:235 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_KEYS_ON_UNLOAD_KB975619
00:00:235 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
00:00:235 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
00:00:235 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
00:00:235 | Registry | Read | HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache : ScavengeCacheFileLimit
00:00:235 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache : ScavengeCacheFileLimit
00:00:235 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache : ScavengeCacheFileLifeTime
00:00:235 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : WpadSearchAllDomains
00:00:235 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : SocketSendBufferLength
00:00:235 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : SocketReceiveBufferLength
00:00:235 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : ServerInfoTimeout
00:00:235 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : SendTimeOut
00:00:235 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : SendExtraCRLF
00:00:235 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : ScavengeCacheLowerBound
00:00:235 | Registry | Read | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : MaxConnectionsPerServer
00:00:235 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
00:00:235 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
00:00:235 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
00:00:235 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_KEYS_ON_UNLOAD_KB975619
00:00:235 | Registry | Opened | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
00:00:235 | Registry | Opened | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
00:00:235 | Registry | Opened | HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
00:00:235 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_LONG_INTERNATIONAL_FILENAMES
00:00:235 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
00:00:235 | Registry | Read | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache : ScavengeCacheFileLimit
00:00:235 | Registry | Read | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : SendTimeOut
00:00:235 | Registry | Read | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : ReceiveTimeOut
00:00:235 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
00:00:235 | Registry | Read | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : MaxConnectionsPer1_0Server
00:00:235 | Registry | Read | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : DisableWorkerThreadHibernation
00:00:235 | Registry | Read | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings : ConnectTimeOut

Registry HKCU\Software\Microsoft\Internet
00:00:235
Opened Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543

Registry
00:00:235 HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
Opened

Registry HKCU\Software\Microsoft\Internet
00:00:235
Opened Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266

Registry HKLM\Software\Microsoft\Internet
00:00:235
Opened Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954

Registry HKLM\Software\Microsoft\Internet
00:00:235
Opened Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149

Registry HKLM\Software\Microsoft\Internet
00:00:235
Opened Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545

Registry HKLM\Software\Microsoft\Internet
00:00:235
Opened Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS

Registry HKLM\Software\Microsoft\Internet
00:00:235
Opened Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK

Registry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read ConnectRetries

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read PerUserCookies

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read ReceiveTimeOut

Registry
00:00:235 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Opened

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read CertCacheNoValidate

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235 Read ConnectRetries

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read ConnectTimeOut

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read DisableNTLMPreAuth

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read DisableReadRange

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read DisableWorkerThreadHibernation

Registry
00:00:235 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Opened

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read FtpDefaultExpiryTimeSecs

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read HttpDefaultExpiryTimeSecs

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read KeepAliveTimeout

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read LeashLegacyCookies

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read MaxConnectionsPer1_0Server

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read MaxHttpRedirects

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read MaxConnectionsPerServer

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:235
Read MaxConnectionsPerProxy

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read WarnOnZoneCrossing

Registry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read DontUseDNSLoadBalancing

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read MimeExclusionListForCache

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read AlwaysDrainOnRedirect

Registry HKLM\Software\Microsoft\Internet
00:00:250
Opened Explorer\Main\FeatureControl\FEATURE_SECURITY_FLAG_IGNORE_REVOCATION_KB2275828

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read WarnAlwaysOnPost

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read WarnOnBadCertRecving

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read DnsCacheEnabled

Registry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read ShareCredsWithWinHttp

Registry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read TcpAutotuning

Socket
00:00:250 Initiated WS2_32 socket DLL
Activities

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read DnsCacheEntries

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read DnsCacheTimeout

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read WarnOnPostRedirect

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read DontUseDNSLoadBalancing

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read HeaderExclusionListForCache

Registry HKCU\Software\Microsoft\Internet
00:00:250
Opened Explorer\Main\FeatureControl\FEATURE_SECURITY_FLAG_IGNORE_REVOCATION_KB2275828

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read WarnOnHTTPSToHTTPRedirect

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:250
Read WarnOnPost

Registry HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad


00:00:266
Read WpadOverride

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:266
Read GlobalUserOffline

Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:266
Read BadProxyExpiresTime

Registry HKCU\Software\Microsoft\Internet
00:00:266
Opened Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615

Registry
00:00:266 HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
Opened

Registry HKLM\Software\Microsoft\Internet
00:00:282
Opened Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

Registry HKCU\Software\Microsoft\Internet
00:00:282
Opened Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

Registry HKLM\Software\Microsoft\Internet
00:00:282
Opened Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615

Registry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings


00:00:282
Read DisableBranchCache

Network
00:00:282 Operations, Cracked the URL into its component parts: HTTP://HEXACAM.COM/JHGCD476334?
miscellaneous

Network
00:00:297 Operations, Set an Internet option: 5
miscellaneous

Network
00:00:297 Operations, Set an Internet option: 6
miscellaneous

Network
00:00:297 Operations, Set an Internet option: 2
miscellaneous

Process
00:00:313 Operations, Established a connection to the service control manager and open the service control manager database
miscellaneous

Process
00:00:313 Terminated an existing service's handle:sens
Opened

Process
00:00:313 Operations, Obtained the current status of a service
miscellaneous

Process Opened an existing service sens


00:00:313
Opened

00:00:329 | Registry | Read | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings, value: AutoConfigURL
00:00:329 | Registry | Read | HKLM\System\Setup, value: SystemSetupInProgress
00:00:329 | Registry | Opened | HKCR\AutoProxyTypes\Application/x-ns-proxy-autoconfig
00:00:329 | Registry | Created | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings
00:00:329 | Registry | Created | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
00:00:329 | Registry | Read | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings, value: ProxyEnable
00:00:329 | Registry | Opened | HKCR\AutoProxyTypes
00:00:329 | Registry | Opened | HKCR\AutoProxyTypes\Application/x-internet-signup
00:00:329 | Registry | Read | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings, value: ProxyOverride
00:00:329 | Registry | Read | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings, value: ProxyServer
00:00:329 | Registry | Read | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections, value: DefaultConnectionSettings
00:00:329 | Registry | Read | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections, value: SavedLegacySettings
00:00:329 | Thread | Created | 769597be
00:00:329 | Process Operations, miscellaneous | Opened the access token associated with a thread
00:00:329 | DNS Queries | Translated a host name into an IP address
00:00:329 | Socket Activities | Created a socket
00:00:329 | Network Operations, miscellaneous | Retrieved the Internet connected state of the local system
00:00:329 | Network Operations, miscellaneous | Set an Internet option: 49
00:00:329 | Network Operations, miscellaneous | Set an Internet option: 4a
00:00:329 | Registry | Modified | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings, new value: 46 (REG_BINARY)
00:00:329 | Registry | Deleted | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings, value: ProxyServer
00:00:329 | Registry | Deleted | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings, value: ProxyOverride
00:00:329 | Registry | Deleted | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings, value: AutoConfigURL
00:00:329 | Registry | Opened | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings
00:00:329 | Registry | Opened | HKU\S-1-5-21-2969830022-2362906686-2146684197-500
00:00:329 | Registry | Opened | HKLM\System\Setup
00:00:329 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings, value: AutoConfigCustomUA
00:00:329 | Registry | Read | HKCR\AutoProxyTypes\Application/x-ns-proxy-autoconfig, value: Flags
00:00:329 | Registry | Read | HKCR\AutoProxyTypes\Application/x-ns-proxy-autoconfig, value: FileExtensions
00:00:329 | Registry | Read | HKCR\AutoProxyTypes\Application/x-ns-proxy-autoconfig, value: Default
00:00:329 | Registry | Modified | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable, new value: 0 (REG_DWORD)
00:00:329 | Registry | Read | HKCR\AutoProxyTypes\Application/x-internet-signup, value: Default
00:00:329 | Registry | Read | HKCR\AutoProxyTypes\Application/x-internet-signup, value: DllFile
00:00:329 | Registry | Read | HKCR\AutoProxyTypes\Application/x-internet-signup, value: FileExtensions
00:00:329 | Registry | Read | HKCR\AutoProxyTypes\Application/x-internet-signup, value: Flags
00:00:329 | Registry | Read | HKCR\AutoProxyTypes\Application/x-ns-proxy-autoconfig, value: DllFile

00:00:360 | Socket Activities | IP:127.0.0.1, Port:8938
00:00:360 | Socket Activities | IP:127.0.0.1, Port:0
00:00:360 | Network Operations, miscellaneous | Initialized the WinINet functions, Agent name: mozilla/4.0 (compatible; msie 7.0; windows nt 6.1; wow64; trident/4.0; slcc2; .net clr 2.0.50727; .net clr 3.5.30729; .net clr 3.0.30729; media center pc 6.0; infopath.2; .net4.0c; .net4.0e), Access type: PRECONFIG, Flags: PORT_NUMBER
00:00:360 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
00:00:360 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
00:00:360 | Network Operations, miscellaneous | Set an Internet option: 2d
00:00:360 | Network Operations, miscellaneous | Opened a HTTP or FTP session for a given site: HEXACAM.COM
00:00:360 | Network Operations, miscellaneous | Set an Internet option: 6c
00:00:360 | Registry | Opened | HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
00:00:360 | Socket Activities | Obtained the local name (address) for a socket
00:00:360 | Registry | Opened | HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
00:00:375 | Socket Activities | Obtained information about a given networking service
00:00:375 | Network Operations, miscellaneous | Verb: get, ObjectName: /jhgcd476334?, Version: , Referer: , Flags: 400000, Context: 73c090
00:00:391 | Socket Activities | Obtained information about next service in order of networking providers
00:00:391 | Process Operations, miscellaneous | Initialized COM library for the current thread and set it in the concurrency mode
00:00:391 | Process Operations, miscellaneous | Decremented a thread's suspend count
00:00:391 | Thread | Created | 7695e44f
00:00:391 | Others | Obtained the current system date and time in Coordinated Universal Time (UTC) format
00:00:407 | Network Operations, miscellaneous | Set an Internet option: 64
00:00:407 | Network Operations, miscellaneous | Set an Internet option: 56
00:00:407 | Network Operations, miscellaneous | Set an Internet option: 44
00:00:407 | Network Operations, miscellaneous | Set an Internet option: 41
00:00:407 | Network Operations, miscellaneous | Set an Internet option: 3e
00:00:407 | Network Operations, miscellaneous | Set an Internet option: 3a
00:00:407 | Network Operations, miscellaneous | Set an Internet option: 58
00:00:407 | Network Operations, miscellaneous | Set an Internet option: 65
00:00:407 | Network Operations, miscellaneous | Set an Internet option: 66
00:00:407 | Network Operations, miscellaneous | Headers: , HeaderLength: 0, Optional: , OptionalLength: 0
00:00:422 | DNS Queries | Translated a host name WIN-AUPGCV3CTSS into an IP address
00:00:422 | Process | Created | {DCB00C01-570F-4A9B-8D69-199FDBA5723B}
00:00:422 | Process | Created | {A47979D2-C419-11D9-A5B4-001185AD2B89}
00:00:422 | Process | Created | {0000032A-0000-0000-C000-000000000046}
00:00:438 | Registry | Read | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad, value: WpadLastNetwork
00:00:438 | Registry | Opened | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}
00:00:438 | Registry | Read | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings, value: AutoProxyDetectType
00:03:046 | DNS Queries | Translated a host name WPAD into an IP address
00:11:484 | Registry | Modified | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23\WpadDecisionReason, new value: 1 (REG_DWORD)
00:11:484 | Registry | Modified | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\WpadDecisionReason, new value: 1 (REG_DWORD)
00:11:484 | Registry | Modified | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23\WpadDecisionTime, new value: 820B3020 (REG_BINARY)
00:11:484 | Registry | Modified | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\WpadDecision, new value: 3 (REG_DWORD)
00:11:484 | Registry | Modified | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\WpadDecisionTime, new value: 820B3020 (REG_BINARY)
00:11:484 | Registry | Modified | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\WpadNetworkName, new value: Network 2 (REG_SZ)
00:11:484 | Registry | Opened | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23
00:11:484 | Registry | Modified | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23\WpadDecision, new value: 3 (REG_DWORD)
00:11:484 | Registry | Created | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\52-54-00-bc-78-23
00:11:500 | Registry | Modified | HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings, new value: 46 (REG_BINARY)
00:11:500 | Registry | Modified | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork, new value: {CC771B05-B3AC-42A3-AA57-C69F699B075A} (REG_SZ)
00:11:515 | DNS Queries | Translated a host name HEXACAM.COM into an IP address

00:21:625 | Socket Activities | IP:98.124.253.210, Port:20480
00:21:625 | Socket Activities | Controlled the I/O mode of the newly created socket
00:21:625 | Socket Activities | Converted a short value from TCP/IP network byte order to host byte order
00:21:625 | Socket Activities | Converted a short value from host to TCP/IP network byte order
00:21:625 | Socket Activities | IP:0.0.0.0, Port:0
00:21:625 | Socket Activities | Received data from a connected or bound socket
00:21:625 | Socket Activities | Sent data on a connected socket
00:22:047 | Registry | Modified | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\WpadDecision, new value: 0 (REG_DWORD)
00:22:047 | Network Operations, miscellaneous | Retrieved header information associated with the HTTP request
00:22:047 | Registry | Created | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23
00:22:047 | Registry | Read | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\52-54-00-bc-78-23
00:22:047 | Socket Activities | Closed the socket
00:22:047 | Registry | Modified | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\WpadDecisionTime, new value: 88596A50 (REG_BINARY)
00:22:047 | Registry | Created | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}
00:22:062 | Files | Read | Reads data from a handle opened by the InternetOpenUrl, FtpOpenFile, or HttpOpenRequest function
00:22:062 | Network Operations, miscellaneous | Verb: get, ObjectName: /jhgcd476334?, Version: , Referer: , Flags: 400000, Context: 7503b0
00:22:062 | Network Operations, miscellaneous | Cracked the URL into its component parts: HTTP://ALUCMUHENDISLIK.COM/JHGCD476334?
00:22:062 | Registry | Modified | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23\WpadDecisionTime, new value: 88596A50 (REG_BINARY)
00:22:062 | Registry | Modified | HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23\WpadDecision, new value: 0 (REG_DWORD)
00:22:062 | Network Operations, miscellaneous | Opened a HTTP or FTP session for a given site: ALUCMUHENDISLIK.COM
00:22:079 | DNS Queries | Translated a host name ALUCMUHENDISLIK.COM into an IP address
00:22:437 | Socket Activities | IP:185.216.113.80, Port:20480
00:22:968 | Files | Modified | C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IETldCache\, attribute: Hidden & System & NotContentIndex
00:22:968 | Files | Created | C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat, access mode: Read & Write, attributes: 10000000
00:22:985 | DNS Queries | Translated a host name WWW.ALUCMUHENDISLIK.COM.TR into an IP address
00:22:985 | DNS Queries | Translated a host name YAMANASHI-JYUJIN.JP into an IP address
00:22:985 | Network Operations, miscellaneous | Verb: get, ObjectName: /jhgcd476334?, Version: , Referer: , Flags: 400000, Context: 76db20
00:22:985 | Process | Created | {7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
00:22:985 | Network Operations, miscellaneous | Opened a HTTP or FTP session for a given site: YAMANASHI-JYUJIN.JP
00:22:985 | Network Operations, miscellaneous | Cracked the URL into its component parts: HTTP://YAMANASHI-JYUJIN.JP/JHGCD476334?
00:23:079 | Process | killed | Ended itself and all of its threads

Engine Analysis

Engine | Threat Name | Severity

GTI File Reputation | TYPE_TROJAN | ⬤ 5 - Very High

GTI URL Reputation | Malicious Sites | ⬤ 5 - Very High

Gateway Anti-Malware | VBS/Downloader.qj | ⬤ 5 - Very High

Anti-Malware | VBS/Downloader.qj | ⬤ 5 - Very High

YARA | - | -

Custom Rules | - | -

Sandbox | - | ⬤ 2 - Low

Final | - | ⬤ 5 - Very High

Sample is malicious: final severity level 5

FL-674681.vbs

Run-Time Dlls: 15
advapi32.dll

comctl32.dll

dhcpcsvc.dll

dnsapi

iphlpapi.dll

iphlpapi

kernel32.dll

normaliz.dll

ole32.dll

oleaut32.dll

rasapi32.dll

sensapi.dll

shell32.dll

urlmon.dll

ws2_32

File Operations: 21

Files Created

File Name | Access Mode | File Attributes

C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat | Read & Write | 10000000

C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat | Read & Write | 10000000

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\index.dat | Read & Write | 10000000

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat | Read & Write | 10000000

Files Opened

File Name | Access Mode | File Attributes

C:\bfzpaudfpy\266c0929-6165-4669-9237-ebf1f5d56fcc.vbs | Read | 8000000

Files Modified

Source File | Destination File/Write | Written

C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\, attribute: Hidden & System & NotContentIndex

C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\, attribute: Hidden & System & NotContentIndex

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\, attribute: Hidden & System & NotContentIndex

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IETldCache\, attribute: Hidden & System & NotContentIndex

Files Read

C:\bfzpaudfpy\266c0929-6165-4669-9237-ebf1f5d56fcc.vbs

Reads data from a handle opened by the InternetOpenUrl, FtpOpenFile, or HttpOpenRequest function

Memory Mapped Files

Created a file that can be used for memory mapping

Opened a named file-mapping object

Other

Obtained a set of FAT file system attributes for a file or directory

Obtained path of the folder from its CLSID

Obtained the path of the Windows system directory

Retrieved the full path for the module

Retrieved the path of the directory designated for temporary files

Searched a directory for the name: C:\Users

Searched a directory for the name: C:\Users\ADMINI~1

Set the date and time of a file or directory

Registry Operations: 245

Registry Created

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

HKCU\Software\Microsoft\Windows Script Host\Settings

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\52-54-00-bc-78-23

HKLM\Software\Microsoft\Windows Script Host\Settings

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections

Registry Opened

HKCR\.vbs

HKCR\AutoProxyTypes

HKCR\AutoProxyTypes\Application/x-internet-signup

HKCR\AutoProxyTypes\Application/x-ns-proxy-autoconfig

HKCR\VBSFile\ScriptEngine

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

HKCU\Software

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_LONG_INTERNATIONAL_FILENAMES

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_KEYS_ON_UNLOAD_KB975619

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITY_FLAG_IGNORE_REVOCATION_KB2275828

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET

HKCU\Software\Microsoft\Windows Script Host\Settings

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012021012020210121

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}

HKCU\Software\Policies

HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl

HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

HKLM\Software

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_LONG_INTERNATIONAL_FILENAMES

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_KEYS_ON_UNLOAD_KB975619

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITY_FLAG_IGNORE_REVOCATION_KB2275828

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET

HKLM\Software\Microsoft\Windows Script Host\Settings

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History

HKLM\Software\Policies

HKLM\Software\Policies\Microsoft\Internet Explorer

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl

HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

HKLM\System\Setup

HKU\S-1-5-21-2969830022-2362906686-2146684197-500

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings

Registry Deleted

Key | Value

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings | AutoConfigURL

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings | ProxyOverride

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings | ProxyServer

Registry Modified

Key | NewValue | Type

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23\WpadDecision | 0 | REG_DWORD

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23\WpadDecision | 3 | REG_DWORD

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23\WpadDecisionReason | 1 | REG_DWORD

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23\WpadDecisionTime | 820B3020 | REG_BINARY

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\52-54-00-bc-78-23\WpadDecisionTime | 88596A50 | REG_BINARY

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork | {CC771B05-B3AC-42A3-AA57-C69F699B075A} | REG_SZ

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\WpadDecision | 0 | REG_DWORD

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\WpadDecision | 3 | REG_DWORD

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\WpadDecisionReason | 1 | REG_DWORD

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\WpadDecisionTime | 820B3020 | REG_BINARY

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\WpadDecisionTime | 88596A50 | REG_BINARY

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\WpadNetworkName | Network 2 | REG_SZ

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings | 46 | REG_BINARY

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings | 46 | REG_BINARY

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable | 0 | REG_DWORD

Registry Read

Key Value

HKCR\.vbs Default

HKCR\AutoProxyTypes\Application/x-internet-signup Default

HKCR\AutoProxyTypes\Application/x-internet-signup DllFile

HKCR\AutoProxyTypes\Application/x-internet-signup FileExtensions

HKCR\AutoProxyTypes\Application/x-internet-signup Flags

HKCR\AutoProxyTypes\Application/x-ns-proxy-autoconfig Default

HKCR\AutoProxyTypes\Application/x-ns-proxy-autoconfig DllFile

HKCR\AutoProxyTypes\Application/x-ns-proxy-autoconfig FileExtensions

HKCR\AutoProxyTypes\Application/x-ns-proxy-autoconfig Flags

HKCR\VBSFile\ScriptEngine Default

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings AlwaysDrainOnRedirect

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings AutoConfigCustomUA

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings AutoProxyDetectType

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings BadProxyExpiresTime

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings CacheMode

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings CertCacheNoValidate

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ClientAuthBuiltInUI

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ConnectRetries

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ConnectTimeOut

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings DisableBasicOverClearChannel

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings DisableKeepAlive

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings DisableNTLMPreAuth

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings DisablePassport

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings DisableReadRange

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings DisableWorkerThreadHibernation

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings DnsCacheEnabled

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings DnsCacheEntries

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings DnsCacheTimeout

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings DontUseDNSLoadBalancing

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings EnableNegotiate

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings FromCacheTimeout

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings FtpDefaultExpiryTimeSecs

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings GlobalUserOffline

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings HeaderExclusionListForCache

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings HttpDefaultExpiryTimeSecs

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings IdnEnabled

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings KeepAliveTimeout

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings LeashLegacyCookies

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings MaxConnectionsPer1_0Server

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings MaxConnectionsPerProxy

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings MaxConnectionsPerServer

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings MaxHttpRedirects

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings MimeExclusionListForCache

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings PerUserCookies

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ReceiveTimeOut

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ScavengeCacheLowerBound

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings SendExtraCRLF

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings SendTimeOut

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ServerInfoTimeout

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings SocketReceiveBufferLength

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings SocketSendBufferLength

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings SyncMode5

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings WarnAlwaysOnPost

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings WarnOnBadCertRecving

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings WarnOnHTTPSToHTTPRedirect

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings WarnOnPost

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings WarnOnPostRedirect

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings WarnOnZoneCrossing

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings WpadSearchAllDomains

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache ScavengeCacheFileLifeTime

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache ScavengeCacheFileLimit

HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache ScavengeCacheFileLimit

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl Feature_ClientAuthCertFilter

HKCU\Software\Microsoft\Windows Script Host\Settings DisplayLogo

HKCU\Software\Microsoft\Windows Script Host\Settings Enabled

HKCU\Software\Microsoft\Windows Script Host\Settings LogSecuritySuccesses

HKCU\Software\Microsoft\Windows Script Host\Settings Timeout

HKCU\Software\Microsoft\Windows Script Host\Settings TrustPolicy

HKCU\Software\Microsoft\Windows Script Host\Settings UseWINSAFER

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache Signature

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content CacheLimit

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content CachePrefix

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content PerUserItem

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies CacheLimit

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies CachePrefix

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies PerUserItem

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012021012020210121 CacheLimit

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012021012020210121 CacheOptions

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012021012020210121 CachePath

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012021012020210121 CachePrefix

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012021012020210121 CacheRepair

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE: CacheLimit

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE: CacheOptions

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE: CachePath

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE: CachePrefix

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE: CacheRepair

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat CacheLimit

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat CacheOptions

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat CachePath

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat CachePrefix

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat CacheRepair

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld CacheLimit

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld CacheOptions

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld CachePath

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld CachePrefix

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld CacheRepair

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History CacheLimit

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History CachePrefix

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History PerUserItem

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad WpadLastNetwork

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad WpadOverride

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{CC771B05-B3AC-42A3-AA57-C69F699B075A}\52-54-00-bc-78-23

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ConnectRetries

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ConnectTimeOut

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings DisableBranchCache

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings DisableWorkerThreadHibernation

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings DontUseDNSLoadBalancing

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings MaxConnectionsPer1_0Server

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings MaxConnectionsPerServer

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ReceiveTimeOut

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings SendTimeOut

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ShareCredsWithWinHttp

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings TcpAutotuning

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache ScavengeCacheFileLimit

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl Feature_ClientAuthCertFilter

HKLM\Software\Microsoft\Windows Script Host\Settings DisplayLogo

HKLM\Software\Microsoft\Windows Script Host\Settings Enabled

HKLM\Software\Microsoft\Windows Script Host\Settings IgnoreUserSettings

HKLM\Software\Microsoft\Windows Script Host\Settings LogSecuritySuccesses

HKLM\Software\Microsoft\Windows Script Host\Settings Timeout

HKLM\Software\Microsoft\Windows Script Host\Settings TrustPolicy

HKLM\Software\Microsoft\Windows Script Host\Settings UseWINSAFER

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache SessionStartTimeDefaultDeltaSecs

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content PerUserItem

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies PerUserItem

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History PerUserItem

HKLM\System\Setup SystemSetupInProgress

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings AutoConfigURL

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ProxyEnable

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ProxyOverride

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ProxyServer

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections DefaultConnectionSettings

HKU\S-1-5-21-2969830022-2362906686-2146684197-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections SavedLegacySettings

Process Operations: 22

Process Created

Process Name Module

{00000323-0000-0000-C000-000000000046}

{0000032A-0000-0000-C000-000000000046}

{06290BD1-48AA-11D2-8432-006008C3FBFC}

{6C736DB1-BD94-11D0-8A23-00AA00B58E10}

{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}

{A47979D2-C419-11D9-A5B4-001185AD2B89}

{B54F3741-5B07-11CF-A4B0-00AA004A55E8}

{DCB00C01-570F-4A9B-8D69-199FDBA5723B}

Process Opened

Process Name/Address PID/Process Name

Opened an existing service sens

Terminated an existing service's handle: sens

Process killed

Ended itself and all of its threads

Thread Created

769597be

7695e44f

d22f25

Other

Deactivated the activation context corresponding to the specified cookie

Decremented a thread's suspend count

Established a connection to the service control manager and opened the service control manager database

Initialized COM library for the current thread and set it in the concurrency mode

Obtained the current status of a service

Opened the access token associated with a process

Opened the access token associated with a thread

Set a waiting mode until a specified object is in the signaled state or the time-out interval elapses

Network Operations: 52

DNS Queries

Translated a host name into an IP address

Translated a host name ALUCMUHENDISLIK.COM into an IP address

Translated a host name HEXACAM.COM into an IP address

Translated a host name WIN-AUPGCV3CTSS into an IP address

Translated a host name WPAD into an IP address

Translated a host name WWW.ALUCMUHENDISLIK.COM.TR into an IP address

Translated a host name YAMANASHI-JYUJIN.JP into an IP address

Socket Activities

Closed the socket

Controlled the I/O mode of the newly created socket

Converted a short value from TCP/IP network byte order to host byte order

Converted a short value from host to TCP/IP network byte order

Created a socket

IP:0.0.0.0, Port:0

IP:127.0.0.1, Port:0

IP:127.0.0.1, Port:8938

IP:185.216.113.80, Port:20480

IP:98.124.253.210, Port:20480

Initiated WS2_32 socket DLL

Obtained information about a given networking service

Obtained information about next service in order of networking providers

Obtained the local name (address) for a socket

Received data from a connected or bound socket

Sent data on a connected socket

Other

Cracked the URL into its component parts: HTTP://ALUCMUHENDISLIK.COM/JHGCD476334?

Cracked the URL into its component parts: HTTP://HEXACAM.COM/JHGCD476334?

Cracked the URL into its component parts: HTTP://YAMANASHI-JYUJIN.JP/JHGCD476334?

Headers: , HeaderLength: 0, Optional: , OptionalLength: 0

Initialized the WinINet functions, Agent name: mozilla/4.0 (compatible; msie 7.0; windows nt 6.1; wow64; trident/4.0; slcc2; .net clr 2.0.50727;
.net clr 3.5.30729; .net clr 3.0.30729; media center pc 6.0; infopath.2; .net4.0c; .net4.0e), Access type: PRECONFIG Flags: PORT_NUMBER

Opened an HTTP or FTP session for a given site: ALUCMUHENDISLIK.COM

Opened an HTTP or FTP session for a given site: HEXACAM.COM

Opened an HTTP or FTP session for a given site: YAMANASHI-JYUJIN.JP

Retrieved header information associated with the HTTP request

Retrieved the Internet connected state of the local system

Set an Internet option: 2

Set an Internet option: 2d

Set an Internet option: 3a

Set an Internet option: 3e

Set an Internet option: 41

Set an Internet option: 44

Set an Internet option: 49

Set an Internet option: 4a

Set an Internet option: 5

Set an Internet option: 56

Set an Internet option: 58

Set an Internet option: 6

Set an Internet option: 64

Set an Internet option: 65

Set an Internet option: 66

Set an Internet option: 6c

Verb: get, ObjectName: /jhgcd476334?, Version: , Referer: , Flags: 400000, Context: 73c090

Verb: get, ObjectName: /jhgcd476334?, Version: , Referer: , Flags: 400000, Context: 7503b0

Verb: get, ObjectName: /jhgcd476334?, Version: , Referer: , Flags: 400000, Context: 76db20

Other Operations: 6

Others

Expanded environment-variable strings and replaced them with the values defined for the current user

Initialized a critical section object and set the spin count for the critical section

Obtained information about an access token

Obtained the current system date and time in Coordinated Universal Time (UTC) format

Retrieved information about a locale specified by an identifier

Retrieved the user's logon name

McAfee Active Response

Status: Product is not Available

© 2020 McAfee, LLC. All rights reserved.


© 2020 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
