Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

here - ThreatTrack Security

advertisement 
Analysis Results For: cbc15ca34a62d409b99726b6a2c47a93
On October 29th, 2014 19:30 the ThreatAnalyzer client taclient7 generated a report for analysis #96 with the
following attributes: Threat Analyzer Client Windows 7. The sample analyzed had a file type of Win32Application
and was 80.5 KB in size. The MD5 for this sample is cbc15ca34a62d409b99726b6a2c47a93
According to the Malicious Determination Rules at the time of scan, we have determined this file to pose a High
risk.
1/16
Copyright © 2014 ThreatTrack Security
Determination Results
High Risk:
Sleeps between 5 minutes and 1 hour
Sleeps between 5 minutes and 1 hour
Medium Risk:
Creates run registry key
Creates a registry entry to start itself at each boot
Sleeps between 1 minute and 5 minutes
Sleeps between 1 minute and 5 minutes
A process was started from \Documents and Settings\ or \Users\
A process was started from \Documents and Settings\ or \Users\
Low Risk:
Creates Mutex
Creates a mutex
Checked for installed language packs in the registry
Checked for installed language packs in the registry
Sleeps between 3 seconds and 1 minute
Sleeps between 3 seconds and 1 minute
Uses HTTP GET method
Uses HTTP GET method
Created or modified more than 25 files
Created or modified more than 25 files
2/16
Copyright © 2014 ThreatTrack Security
File Activity/Delete File
File: C:\Users\user\AppData\Local\Temp\WPDNSE
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYXF9MA0\background_gradient_red[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JL8ZM2SY\red_shield_48[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L72OPIFS\green_shield[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDAGRY14\red_shield[1]
File: C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl
File: C:\Windows\prefetch\ReadyBoot\Trace8.fx
File: C:\Users\user\AppData\Local\Temp\WPDNSE
3/16
Copyright © 2014 ThreatTrack Security
File Activity/Stored Created File
File: C:\Users\user\AppData\Local\893686b8
File: C:\ProgramData\893686b8
File: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\893686b8
File: C:\Users\user\AppData\Roaming\893686b8
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYXF9MA0\desktop.ini
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYXF9MA0\background_gradient_red[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYXF9MA0\background_gradient_red[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JL8ZM2SY\desktop.ini
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JL8ZM2SY\red_shield_48[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JL8ZM2SY\red_shield_48[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L72OPIFS\desktop.ini
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L72OPIFS\green_shield[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L72OPIFS\green_shield[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDAGRY14\desktop.ini
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDAGRY14\red_shield[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDAGRY14\red_shield[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYXF9MA0\background_gradient_red[2]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYXF9MA0\background_gradient_red[2]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYXF9MA0\red_shield_48[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYXF9MA0\red_shield_48[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JL8ZM2SY\green_shield[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JL8ZM2SY\green_shield[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L72OPIFS\red_shield[1]
File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L72OPIFS\red_shield[1]
File: C:\Users\user\AppData\Local\893686b8
File: C:\ProgramData\893686b8
File: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\893686b8
File: C:\Users\user\AppData\Roaming\893686b8
File: C:\Users\user\AppData\Local\893686b8
File: C:\ProgramData\893686b8
File: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\893686b8
File: C:\Users\user\AppData\Roaming\893686b8
File: C:\Users\user\AppData\Local\893686b8
File: C:\ProgramData\893686b8
File: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\893686b8
File: C:\Users\user\AppData\Roaming\893686b8
File: C:\Users\user\AppData\Local\893686b8
File: C:\ProgramData\893686b8
File: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\893686b8
File: C:\Users\user\AppData\Roaming\893686b8
File: C:\Users\user\AppData\Local\893686b8
File: C:\ProgramData\893686b8
File: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\893686b8
File: C:\Users\user\AppData\Roaming\893686b8
File: C:\Users\user\AppData\Local\893686b8
File: C:\ProgramData\893686b8
4/16
Copyright © 2014 ThreatTrack Security
File: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\893686b8
File: C:\Users\user\AppData\Roaming\893686b8
File: C:\Users\user\AppData\Local\893686b8
File: C:\ProgramData\893686b8
5/16
Copyright © 2014 ThreatTrack Security
File Activity/Stored Modified File
File: C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
File: C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
6/16
Copyright © 2014 ThreatTrack Security
Registry Activity/Create Key
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASAPI32
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASMANCS
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\RunStuffHasBeenRun
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\LogonSoundHasBeenPlayed
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\StartupHasBeenRun
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000_Classes\Local Settings
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\Drives\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\Current Media
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache
Key Name: \Registry\Machine\System\CurrentControlSet\Services\RdyBoost\Parameters
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000_Classes\Local Settings
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\Drives\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\Current Media
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache
7/16
Copyright © 2014 ThreatTrack Security
Registry Activity/Delete Key
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\Drives\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\Current Media
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\Drives\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\Current Media
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache
8/16
Copyright © 2014 ThreatTrack Security
Registry Activity/Set Value
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASAPI32
Data: EnableFileTracing
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASAPI32
Data: EnableConsoleTracing
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASAPI32
Data: FileTracingMask
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASAPI32
Data: ConsoleTracingMask
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASAPI32
Data: MaxFileSize
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASAPI32
Data: FileDirectory
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASMANCS
Data: EnableFileTracing
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASMANCS
Data: EnableConsoleTracing
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASMANCS
Data: FileTracingMask
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASMANCS
Data: ConsoleTracingMask
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASMANCS
Data: MaxFileSize
Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\cbc15ca34a62d409b99726b6a2c47a93_RASMANCS
Data: FileDirectory
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\windows\CurrentVersion\Internet Settings
Data: ProxyEnable
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\windows\CurrentVersion\Internet
Settings\Connections
Data: SavedLegacySettings
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Data: qcgce2mrvjq91kk1e7pnbb19m52fx1956jc03il0h
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Classes\Local Settings\MuiCache\8\52C64B7E
Data: LanguageList
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Data: CleanShutdown
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9ceebd53-2722-11e4-9e7e-806e6f6e6963}\
Data: Data
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9ceebd53-2722-11e4-9e7e-806e6f6e6963}\
Data: Generation
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9ceebd54-2722-11e4-9e7e-806e6f6e6963}\
Data: Data
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9ceebd54-2722-11e4-9e7e-806e6f6e6963}\
Data: Generation
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677399/16
Copyright © 2014 ThreatTrack Security
1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9ceebd55-2722-11e4-9e7e-806e6f6e6963}\
Data: Data
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9ceebd55-2722-11e4-9e7e-806e6f6e6963}\
Data: Generation
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\
Data: Data
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\
Data: Generation
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9ceebd70-2722-11e4-9e7e-806e6f6e6963}\
Data: Data
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9ceebd70-2722-11e4-9e7e-806e6f6e6963}\
Data: Generation
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9ceebd71-2722-11e4-9e7e-806e6f6e6963}\
Data: Data
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9ceebd71-2722-11e4-9e7e-806e6f6e6963}\
Data: Generation
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\Shell\BagMRU
Data: NodeSlots
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\Shell\BagMRU
Data: MRUListEx
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\
Data: UNCAsIntranet
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\
Data: AutoDetect
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray
Data: Services
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\Drives\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\
Data: Drive Type
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\Drives\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\
Data: IsImapiDataBurnSupported
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\StagingInfo\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\
Data: DriveNumber
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\StagingInfo\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\
Data: StagingPath
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\StagingInfo\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\
Data: Active
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache
Data: UIStatus
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-32746773910/16
Copyright © 2014 ThreatTrack Security
1000\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache
Data: OnlyMember
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Data: vzemkpfjunhdrfq
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Data: HRZR_PGYFRFFVBA
Key Name: \Registry\Machine\System\CurrentControlSet\Services\RdyBoost\Parameters
Data: BootPlan
Key Name: \Registry\Machine\System\CurrentControlSet\Services\RdyBoost\Parameters
Data: ReadyBootPlanAge
Key Name: \Registry\Machine\System\CurrentControlSet\Services\RdyBoost\Parameters
Data: LastBootPlanUserTime
Key Name: \REGISTRY\MACHINE\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{DC3313CE-83074637-8C0A-1064D65D3460}\Connection
Data: PnpInstanceID
Key Name: \REGISTRY\MACHINE\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F79B36D9-B84D44AB-81CB-5175E18B6393}\Connection
Data: PnpInstanceID
Key Name: \REGISTRY\MACHINE\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4117FAC8-4C7B42C8-AA69-4D57E382AAC3}\Connection
Data: PnpInstanceID
Key Name: \REGISTRY\MACHINE\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0B6CFE8F-FAC5487C-A9DB-76FD57F2915B}\Connection
Data: PnpInstanceID
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray
Data: Services
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\Drives\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\
Data: Drive Type
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\Drives\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\
Data: IsImapiDataBurnSupported
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\StagingInfo\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\
Data: DriveNumber
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\StagingInfo\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\
Data: StagingPath
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-327467739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD
Burning\StagingInfo\Volume{9ceebd6d-2722-11e4-9e7e-806e6f6e6963}\
Data: Active
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache
Data: UIStatus
Key Name: \REGISTRY\USER\S-1-5-21-2379144248-1876199604-3274677391000\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache
Data: OnlyMember
11/16
Copyright © 2014 ThreatTrack Security
Mutex Activity/Create Mutex
Mutex Name: \Sessions\1\BaseNamedObjects\qcgce2mrvjq91kk1e7pnbb19m52fx1956jc03il0h
Mutex Name: \Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_
Mutex Name: \Sessions\1\BaseNamedObjects\Local\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Mutex Name: \Sessions\1\BaseNamedObjects\Local\c:!users!user!appdata!roaming!microsoft!windows!cookies!
Mutex Name: \Sessions\1\BaseNamedObjects\Local\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!
Mutex Name: \Sessions\1\BaseNamedObjects\Local\WininetStartupMutex
Mutex Name: \Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex
Mutex Name: \Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex
Mutex Name: \Sessions\1\BaseNamedObjects\RasPbFile
Mutex Name: \Sessions\1\BaseNamedObjects\{C9A34C77-4D69-45EC-A07D-83242376045D}D68DDC3A-831F-4FAE-9E44-DA132C1ACF46
Mutex Name: \Sessions\1\BaseNamedObjects\Local\!PrivacIE!SharedMemory!Mutex
Mutex Name: \Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex
Mutex Name: \Sessions\1\BaseNamedObjects\Local\ExplorerIsShellMutex
Mutex Name: \Sessions\1\BaseNamedObjects\CDBurnNotify
Mutex Name: \Sessions\1\BaseNamedObjects\Global\CDBurnExclusive
Mutex Name: \Sessions\1\BaseNamedObjects\Local\Shell.CMruPidlList
Mutex Name: \Sessions\1\BaseNamedObjects\_SHuassist.mtx
Mutex Name: \Sessions\1\BaseNamedObjects\Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex
Mutex Name: \Sessions\1\BaseNamedObjects\Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer
Mutex Name: \Sessions\1\BaseNamedObjects\Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer
Mutex Name: \Sessions\1\BaseNamedObjects\Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer
Mutex Name: \Sessions\1\BaseNamedObjects\Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer
Mutex Name: \Sessions\1\BaseNamedObjects\Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer
Mutex Name:
\Sessions\1\BaseNamedObjects\Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit
Mutex Name: \Sessions\1\BaseNamedObjects\Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwReaderRefs
Mutex Name: \Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex
Mutex Name: \Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex
Mutex Name: \Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
Mutex Name: \Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex
Mutex Name: \Sessions\1\BaseNamedObjects\ALTTAB_RUNNING_MUTEX
Mutex Name: \Sessions\1\BaseNamedObjects\qcgce2mrvjq91kk1e7pnbb19m52fx1956jc03il0h
Mutex Name: \Sessions\1\BaseNamedObjects\{C9A34C77-4D69-45EC-A07D-83242376045D}D68DDC3A-831F-4FAE-9E44-DA132C1ACF46
Mutex Name: \Sessions\1\BaseNamedObjects\Local\!PrivacIE!SharedMemory!Mutex
Mutex Name: \Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex
Mutex Name: \Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_
Mutex Name: \Sessions\1\BaseNamedObjects\Local\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Mutex Name: \Sessions\1\BaseNamedObjects\Local\c:!users!user!appdata!roaming!microsoft!windows!cookies!
Mutex Name: \Sessions\1\BaseNamedObjects\Local\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!
Mutex Name: \Sessions\1\BaseNamedObjects\Local\WininetStartupMutex
Mutex Name: \Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex
Mutex Name: \Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex
Mutex Name: \Sessions\1\BaseNamedObjects\ALTTAB_RUNNING_MUTEX
Mutex Name: \Sessions\1\BaseNamedObjects\Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwReaderRefs
12/16
Copyright © 2014 ThreatTrack Security
Network Activity/Network Events
Remote IP: 89.144.14.44
Command: GET 2 times, 90 times
13/16
Copyright © 2014 ThreatTrack Security
Network Activity/Network Traffic
Connection: 89.144.14.44:80
Transmitted: OUTGOING 106 Bytes
Transmitted: INCOMING 297 Bytes
14/16
Copyright © 2014 ThreatTrack Security
Network Activity/DNS Activity
Requested: ssmorf1.com, Result: NONE
Requested: ssmorf1.com, Result: 0.0.0.0
Requested: ssmorf.com, Result: 89.144.14.44
Requested: ssmorf1.com, Result: 89.144.14.44
Requested: ssmorf.com, Result: 89.144.14.44
15/16
Copyright © 2014 ThreatTrack Security
Screen Shots
16/16
Copyright © 2014 ThreatTrack Security
Related documents
Windows 8 Forensics
Windows 8 Forensics
Chapter 1Computer Concept
Chapter 1Computer Concept
MET 1103 Introduction to Computing
MET 1103 Introduction to Computing
ASP.NET MVC
ASP.NET MVC
Old YMCA Building in Richmond, Indiana 47374
Old YMCA Building in Richmond, Indiana 47374
Student Technical Requirements for Online Courses
Student Technical Requirements for Online Courses
Download
advertisement