RTF Document Takes Advantage of CVE-2017-11882 Vulnerability | IOCs
IOC Information
File Count 39
Registry Count 115
Mutex Count 4
URL Count 1
IP Count 1
Indicators
File (39)
Filename Normalized Filename Operations Hash Values
\??\C:\Program Files\Crfitq6x\gdigzvh.exe \??\c:\program files\crfitq6x\gdigzvh.exe Access -
\??\C:\Program Files\Mozilla Firefox\Firefox.exe \??\c:\program files\mozilla firefox\firefox.exe Access, Read -
\??\C:\Users\BGC6u8Oy yXGxkR\AppData\Local\Google\Chrome\User Data\Default\Login Data \??\c:\users\bgc6u8oy yxgxkr\appdata\local\google\chrome\user data\default\login data Access -
\??\C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\OLO0NDS- \??\c:\users\bgc6u8oy yxgxkr\appdata\roaming\olo0nds- Access -
\??\C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\OLO0NDS-\OLOlog.ini \??\c:\users\bgc6u8oy yxgxkr\appdata\roaming\olo0nds-\ololog.ini Access -
\??\C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\OLO0NDS-\OLOlogrc.ini \??\c:\users\bgc6u8oy yxgxkr\appdata\roaming\olo0nds-\olologrc.ini Access, Write -
\??\C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\OLO0NDS-\OLOlogrv.ini \??\c:\users\bgc6u8oy yxgxkr\appdata\roaming\olo0nds-\olologrv.ini Access, Write -
\??\C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\Opera Software\Opera Stable\Login Data \??\c:\users\bgc6u8oy yxgxkr\appdata\roaming\opera software\opera stable\login data Access -
\??\C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\Temp\lambdoidtegument.exe \??\c:\users\bgc6u8oy yxgxkr\appdata\roaming\temp\lambdoidtegument.exe Access -
\??\C:\Users\BGC6U8~1\AppData\Local\Temp\lambdoidtegument.exe \??\c:\users\bgc6u8~1\appdata\local\temp\lambdoidtegument.exe Access, Read -
\??\C:\Windows\System32\cmmon32.exe \??\c:\windows\system32\cmmon32.exe Access, Read -
\??\C:\Windows\System32\drivers\etc\hosts \??\c:\windows\system32\drivers\etc\hosts Access, Read -
\??\C:\Windows\SYSTEM32\ntdll.dll \??\c:\windows\system32\ntdll.dll Access, Read -
C:\ c: Access -
C:\Users\BGC6u8Oy yXGxkR c:\users\bgc6u8oy yxgxkr Access -
C:\Users\BGC6u8Oy yXGxkR\AppData\Local\Temp\lambdoidtegument.exe c:\users\bgc6u8oy yxgxkr\appdata\local\temp\lambdoidtegument.exe Access, Write MD5: 437efd63bf864669ef4312750c25c462, SHA1: 247f0b1576c24e50830f6ee326dce494c6ba478d, SHA256: c5221c1250b9584be4be97a30dde5f1b82c3509749df7bf76a7d0c9d85514a5a
C:\Users\BGC6u8Oy yXGxkR\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 c:\users\bgc6u8oy yxgxkr\documents\windowspowershell\microsoft.powershell_profile.ps1 Access -
C:\Users\BGC6u8Oy yXGxkR\Documents\WindowsPowerShell\profile.ps1 c:\users\bgc6u8oy yxgxkr\documents\windowspowershell\profile.ps1 Access -
C:\Users\BGC6U8~1\AppData\Local\Temp c:\users\bgc6u8~1\appdata\local\temp Access -
C:\Users\BGC6U8~1\AppData\Local\Temp\lambdoidtegument.exe c:\users\bgc6u8~1\appdata\local\temp\lambdoidtegument.exe Access -
C:\Windows c:\windows Access -
C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll c:\windows\assembly\gac_msil\system.management.automation\1.0.0.0__31bf3856ad364e35\system.management.automation.dll Access -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config c:\windows\microsoft.net\framework\v2.0.50727\config\machine.config Access, Read -
C:\Windows\system32 c:\windows\system32 Access -
C:\Windows\System32\WindowsPowerShell\v1.0 c:\windows\system32\windowspowershell\v1.0 Access -
C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml c:\windows\system32\windowspowershell\v1.0\certificate.format.ps1xml Access -
C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml c:\windows\system32\windowspowershell\v1.0\diagnostics.format.ps1xml Access, Read -
C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml c:\windows\system32\windowspowershell\v1.0\dotnettypes.format.ps1xml Access, Read -
C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml c:\windows\system32\windowspowershell\v1.0\filesystem.format.ps1xml Access, Read -
C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml c:\windows\system32\windowspowershell\v1.0\getevent.types.ps1xml Access, Read -
C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml c:\windows\system32\windowspowershell\v1.0\help.format.ps1xml Access, Read -
C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1 c:\windows\system32\windowspowershell\v1.0\microsoft.powershell_profile.ps1 Access -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config c:\windows\system32\windowspowershell\v1.0\powershell.config Access -
C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml c:\windows\system32\windowspowershell\v1.0\powershellcore.format.ps1xml Access, Read -
C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml c:\windows\system32\windowspowershell\v1.0\powershelltrace.format.ps1xml Access, Read -
C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1 c:\windows\system32\windowspowershell\v1.0\profile.ps1 Access -
C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml c:\windows\system32\windowspowershell\v1.0\registry.format.ps1xml Access, Read -
C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml c:\windows\system32\windowspowershell\v1.0\types.ps1xml Access, Read -
C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml c:\windows\system32\windowspowershell\v1.0\wsman.format.ps1xml Access, Read -
Registry (115)
Registry Key Name Operations
HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32 Access, Read
HKEY_CURRENT_USER Access
HKEY_CURRENT_USER\Environment Access, Read
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Access
HKEY_CURRENT_USER\Software\Microsoft\Command Processor Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Read
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Access
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\ Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\25.0 (en-US)\Main Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird\ Access
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance Access, Read
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance Access, Read
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell Access
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER Access
HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell Access
HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1 Access
HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion Access, Read
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Access
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment Access, Read
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\0413e2ad850e7146953cbb4c2672287e Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\1b5aad0cdb629e49a2c6203d4a6a948a Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\1dab3177c2ac33448a4fe54b862a329e Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\2a7b899b94a04042a46a1cd96dc2a18c Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\7a302ee0804dab4ba930ea4351b9b4ac Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\7df1ae4ad074c146bb02f647b97dd78e Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ Access
HKEY_USERS\S-1-5-21-3328211038-939451286-342010794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Access, Write
Mutex (4)
Mutex Name Operations
664908S9UTEIZ6MN Access
Global\.net clr networking Access, Delete
Local\!PrivacIE!SharedMemory!Mutex Access
OLO0NDS-0AXWwKzG Access
URL (1)
URL Operations
doc2th.com/tin/off.exe GET
IP (1)
IP Protocols
192.232.251.15 HTTP, DNS, TCP