Trojan.Agent.GTA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	5,799
Threat Level:	80 % (High)
Infected Computers:	3,086

First Seen:	November 28, 2022
Last Seen:	January 14, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Agent.GTA
Signature status:	No Signature

Known Samples

MD5: 8281aba4421c63e87702137b01d371d0

SHA1: 22eef385d33787ee6ffa51c37d322b3a4d2aa31b

File Size: 2.94 MB, 2937856 bytes

MD5: 88324828f1b93e5544061fc5e74a2e9a

SHA1: d6ac0f89478d5f31e260379746a2d3601551b9eb

File Size: 2.89 MB, 2889728 bytes

MD5: 75c03a587553cb448c648546ff0c4b44

SHA1: e726b27fac99af984d8acf78bcc9803515d678f3

SHA256: FFABD942F009E26166BAB1C4E2335AA639CB92E2C5B84C7B24D021B17956DDE6

File Size: 496.64 KB, 496640 bytes

MD5: 654058da7470e1a8c08ca6207d719791

SHA1: b6210877ab25194ee2195f23552712fbaa8fa370

SHA256: 197AD9EF1522365610A30061660F36F17A43BE5C5EC0A8797F084EFA36A621AD

File Size: 2.89 MB, 2889728 bytes

MD5: ac61fdd899cd90fa773be75c6b14157f

SHA1: f487d7ab4d38fb3516ebfb27230fdd83170ad808

SHA256: 9A6339A9BC8B0BD09A83F502AE1FE54166151BE51F0072CCD5AE25F606DC0E34

File Size: 2.89 MB, 2889728 bytes

MD5: ec54516bd04e15346c8371cab675b5d1

SHA1: b9e42428d5dd88f4eba840dd8ea3361ff28b04b0

SHA256: 1B53FF4E8DDEE28955E6A810A0E086B0259A99B6C7F2092B8750263EDBCF4381

File Size: 7.32 MB, 7323648 bytes

MD5: a363776e53c21f915e422b62fc3c4f43

SHA1: dcc5a4202d3508d7adf64912dafd32a92bba3a07

SHA256: 1664B5B2994C0A3DF2D08CB7C8565FACE1B2B3335A085E6D6DA49114BAC9AA21

File Size: 9.25 MB, 9245800 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has TLS information
File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)

File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	This installation was built with Inno Setup.
Company Name	Microsoft Corporation Nlitesoft Realtek Semiconductor
File Description	NTLite Setup Realtek HD Audio Universal Service WMI Provider Host
File Version	10.0.26100.3323 (WinBuild.160101.0800) 1.2.0.4755 1.1.664.1
Internal Name	RtkAudUService.exe Wmiprvse.exe
Legal Copyright	2024 (c) Realtek Semiconductor. All rights reserved. © 2014-2016 Nlitesoft. All rights reserved. © Microsoft Corporation. All rights reserved.
Original Filename	RtkAudUService.exe Wmiprvse.exe
Product Name	Microsoft® Windows® Operating System NTLite Realtek HD Audio Universal Service
Product Version	10.0.26100.3323 1.2.0.4755 1.1.664.1

Digital Signatures

Signer	Root	Status
Dino Nuhagic	StartCom Class 2 Primary Intermediate Object CA	Self Signed

File Traits

00 section
2+ executable sections
big overlay
HighEntropy
No Version Info
ntdll
Obsidium
x64

Block Information

Similar Families

Bedep.D

Files Modified

File	Attributes
\device\namedpipe\pshost.133960935552284105.5536.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
c	Generic Write
c:\program files\uninstall information\ie.hkcuzoneinfo\ie.hkcuzoneinfo.dat	Synchronize,Write Attributes
c:\program files\uninstall information\ie.hkcuzoneinfo\ie.hkcuzoneinfo.ini	Synchronize,Write Attributes
c:\program files\uninstall information\ie40.useragent\ie40.useragent.dat	Synchronize,Write Attributes
c:\program files\uninstall information\ie40.useragent\ie40.useragent.ini	Synchronize,Write Attributes
c:\programdata	Generic Write
c:\programdata\microsoft	Generic Write
c:\programdata\microsoft\windows	Generic Write
c:\programdata\microsoft\windows\winmsi	Generic Write

c:\programdata\microsoft\windows\winmsi\wmiprvse.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\microsoft\windows\inetcache\ie	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_fjqpcl01.bbg.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_hhtrn2th.bpe.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-fiobk.tmp\dcc5a4202d3508d7adf64912dafd32a92bba3a07_0009245800.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mu2ls.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgi766a.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgi766a.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgi76f8.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgi76f8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgi795a.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgi795a.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgi7a84.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgi7a84.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmp4352$.tmp	Generic Write,Read Attributes,Delete
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\103621de9cd5414cc2538780b4b75751	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\93e8f70f6a0256f0df342e3d63d8cdad	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\103621de9cd5414cc2538780b4b75751	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\93e8f70f6a0256f0df342e3d63d8cdad	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\obsidium\{d48a462a-7d5833bc-83116ff4-5e7d363a}	Synchronize,Write Attributes
c:\users\user\appdata\roaming\obsidium\{d48a462a-7d5833bc-83116ff4-5e7d363a}\1420.obs	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㿤࿾ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::enablenegotiate		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings::migrateproxy		RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie40.useragent\regbackup\0::ef29a4ec885fa451	,,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie40.useragent\regbackup\0.map::ef29a4ec885fa451	,33,HKCU,Software\Microsoft\Windows\CurrentVersion\Internet Settings,User Agent,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie40.useragent\regbackup\0::2ba02e083fadee33	,Software\Microsoft\Windows\CurrentVersion\Internet Settings,IE5_UA_Backup_Flag,5.0	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie40.useragent\regbackup\0.map::2ba02e083fadee33	,33,HKCU,Software\Microsoft\Windows\CurrentVersion\Internet Settings,IE5_UA_Backup_Flag,	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::backupfilename	C:\Program Files\Uninstall Information\IE40.UserAgent\IE40.UserAgent.DAT	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::backupfilesize		RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::backuppath	C:\Program Files\Uninstall Information\IE40.UserAgent	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::installinffile	C:\Users\Nfsgowyi\AppData\Local\Temp\RGI766A.tmp	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::installinfsection	BackupUserAgent	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::backupregistry	y	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::componentversion	6.0	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::user agent	Mozilla/4.0 (compatible; MSIE 8.0; Win32)	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::ie5_ua_backup_flag	5.0	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie complist::ie40.useragent		RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::87c588e072d89776	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones,,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::87c588e06bc3a637	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones,SelfHealCount,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a9d51066	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92b0ce2127	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,DisplayName,Computer	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b929be372e4	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,PMDisplayName,4Computer [Protected Mode]	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9282f843a5	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,Description,Your computer	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92cdb9d562	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,Icon,"shell32.dll#0016	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d4a2e423	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,LowIcon,&inetcpl.cpl#005422	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92ff8fb7e0	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,CurrentLevel,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e69486a1	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,Flags,!	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92610c9a6e	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,1200,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927817ab2f	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,1400,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92083336f9	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,2001,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92112807b8	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,2004,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9207bd81f7	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921ea6b0b6	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,DisplayName,Local intranet	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92358be375	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,PMDisplayName,@Local intranet [Protected Mode]	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b922c90d234	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,Description,This zone contains all Web sites that are on	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9263d144f3	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,Icon,"shell32.dll#0018	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927aca75b2	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,LowIcon,&inetcpl.cpl#005423	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9251e72671	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,CurrentLevel,Ԁ	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9248fc1730	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,1200,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92cf640bff	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,1400,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d67f3abe	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,2500,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e7618018	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,Flags,Û	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92fe7ab159	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,2001,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d557e29a	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,2004,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b922e753505	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92376e0444	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,DisplayName,Trusted sites	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921c435787	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,PMDisplayName,>Trusted sites [Protected Mode]	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92055866c6	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,Description,¢This zone contains Web sites that you trust	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b924a19f001	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,Icon,*inetcpl.cpl#00004480	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b925302c140	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,LowIcon,&inetcpl.cpl#005424	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92782f9283	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,CurrentLevel,က	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b926134a3c2	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,Flags,G	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e6acbf0d	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1200,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92ffb78e4c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1400,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b920de75d7a	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1001,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9214fc6c3b	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1004,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b923fd13ff8	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1201,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9226ca0eb9	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1206,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92698b987e	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1207,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927090a93f	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1208,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b925bbdfafc	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1209,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9242a6cbbd	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,120A,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92c53ed772	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,120C,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92dc25e633	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1402,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921f52f294	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1405,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b920649c3d5	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1406,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b922d649016	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1407,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92347fa157	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1408,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927b3e3790	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1409,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92622506d1	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,140A,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9249085512	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,140C,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9250136453	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1601,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d78b789c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1604,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92ce9049dd	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1605,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a7ee95f1	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1606,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92bef5a4b0	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1607,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9295d8f773	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1608,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b928cc3c632	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1609,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92c38250f5	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,160A,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92da9961b4	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,160B,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92f1b43277	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1802,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e8af0336	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1803,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b926f371ff9	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1804,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92762c2eb8	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1809,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b923a39ad48	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1812,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9223229c09	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A00,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92080fcfca	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A02,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921114fe8b	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A03,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b925e55684c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A04,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92474e590d	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A05,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b926c630ace	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A06,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9275783b8f	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A10,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92f2e02740	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1C00,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92ebfb1601	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2000,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b928285ca2d	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2001,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b929b9efb6c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2004,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92b0b3a8af	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2005,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a9a899ee	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2007,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e6e90f29	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2100,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92fff23e68	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2101,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d4df6dab	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2102,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92cdc45cea	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2103,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b924a5c4025	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2104,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9253477164	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2105,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92903065c3	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2106,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92892b5482	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2107,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a2060741	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2108,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92bb1d3600	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2200,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92f45ca0c7	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2201,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92ed479186	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2300,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92c66ac245	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2301,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92df71f304	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2302,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9258e9efcb	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2400,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9241f2de8a	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2401,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92288c02a6	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2402,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92319733e7	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2600,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921aba6024	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2700,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9203a15165	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2701,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b924ce0c7a2	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2702,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9255fbf6e3	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2703,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927ed6a520	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2704,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9267cd9461	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2708,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e05588ae	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2709,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92f94eb9ef	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,270B,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9270ef12f0	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,270C,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9269f423b1	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,270D,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9242d97072	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,140D,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b925bc24133	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,120B,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92801da494	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92990695d5	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,DisplayName,Internet	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92b22bc616	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,PMDisplayName,4Internet [Protected Mode]	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92ab30f757	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,Description,This zone contains all Web sites you haven't	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e4716190	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,Icon,&inetcpl.cpl#001313	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92fd6a50d1	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,LowIcon,&inetcpl.cpl#005425	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d6470312	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,CurrentLevel,ᔀ	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92cf5c3253	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,Flags,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9248c42e9c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1200,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9251df1fdd	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1400,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e2b5eb9b	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1001,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92fbaedada	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1004,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d0838919	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1201,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92c998b858	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1206,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9286d92e9f	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1207,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b929fc21fde	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1208,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92b4ef4c1d	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1209,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92adf47d5c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,120A,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b922a6c6193	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,120C,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92337750d2	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1402,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92f0004475	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1405,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e91b7534	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1406,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92c23626f7	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1407,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92db2d17b6	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1408,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92946c8171	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1409,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b928d77b030	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,140A,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a65ae3f3	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,140C,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92bf41d2b2	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1601,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9238d9ce7d	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1604,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9221c2ff3c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1605,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9248bc2310	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1606,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9251a71251	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1607,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927a8a4192	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1608,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92639170d3	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1609,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b922cd0e614	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,160A,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9235cbd755	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,160B,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921ee68496	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1802,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9207fdb5d7	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1803,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b928065a918	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1804,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92997e9859	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1809,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d56b1ba9	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1812,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92cc702ae8	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A00,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e75d792b	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A02,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92fe46486a	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A03,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92b107dead	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A04,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a81cefec	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A05,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b928331bc2f	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A06,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b929a2a8d6e	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A10,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921db291a1	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1C00,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9204a9a0e0	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2000,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b926dd77ccc	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2001,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9274cc4d8d	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2004,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b925fe11e4e	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2005,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9246fa2f0f	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2007,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9209bbb9c8	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2100,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9210a08889	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2101,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b923b8ddb4a	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2102,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b922296ea0b	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2103,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a50ef6c4	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2104,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92bc15c785	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2105,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927f62d322	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2106,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b926679e263	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2107,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b924d54b1a0	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2200,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92544f80e1	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2201,	RegNtPreCreateKey

211 additional registry modifications are not displayed above.

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAcceptConnectPort ntdll.dll!NtAccessCheck ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm ntdll.dll!NtAcquireProcessActivityReference ntdll.dll!NtAddAtom ntdll.dll!NtAddAtomEx ntdll.dll!NtAdjustGroupsToken ntdll.dll!NtAdjustTokenClaimsAndDeviceGroups ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAllocateLocallyUniqueId Show More ntdll.dll!NtAllocateUserPhysicalPages ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeletePortSection ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcImpersonateClientOfPort ntdll.dll!NtAlpcOpenSenderProcess ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcRevokeSecurityContext ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAreMappedFilesTheSame ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelIoFile ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCloseObjectAuditAlarm ntdll.dll!NtCommitComplete ntdll.dll!NtCommitTransaction ntdll.dll!NtCompareObjects ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtContinueEx ntdll.dll!NtCreateCrossVmEvent ntdll.dll!NtCreateCrossVmMutant ntdll.dll!NtCreateDirectoryObjectEx ntdll.dll!NtCreateEnclave ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateIRTimer ntdll.dll!NtCreateKey ntdll.dll!NtCreateKeyTransacted ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePartition ntdll.dll!NtCreatePort ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateProfile ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateTokenEx ntdll.dll!NtCreateTransaction ntdll.dll!NtCreateUserProcess ntdll.dll!NtCreateWaitablePort ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDebugActiveProcess ntdll.dll!NtDebugContinue ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteDriverEntry ntdll.dll!NtDeleteWnfStateName ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDirectGraphicsCall ntdll.dll!NtDrawText ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFilterToken ntdll.dll!NtFlushBuffersFile ntdll.dll!NtFlushInstallUILanguage ntdll.dll!NtFlushInstructionCache ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFlushVirtualMemory ntdll.dll!NtFlushWriteBuffer ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFreezeTransactions ntdll.dll!NtFsControlFile ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtGetContextThread ntdll.dll!NtGetCurrentProcessorNumber ntdll.dll!NtGetNotificationResourceManager ntdll.dll!NtGetWriteWatch ntdll.dll!NtInitializeEnclave ntdll.dll!NtIsSystemResumeAutomatic ntdll.dll!NtLoadKey3 ntdll.dll!NtLoadKeyEx 192 additional items are not displayed above.
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetUserDefaultLocaleName GetUserName GetUserNameEx GetUserObjectInformation
Process Shell Execute	CreateProcess WriteConsole
Process Terminate	TerminateProcess
Encryption Used	BCryptOpenAlgorithmProvider
Other Suspicious	AdjustTokenPrivileges
Network Winhttp	WinHttpOpen
Process Manipulation Evasion	NtUnmapViewOfSection
Keyboard Access	GetKeyState

Shell Command Execution


							C:\WINDOWS\system32\net.exe net  session


							WriteConsole: Access is denied


							WriteConsole: 
SERVICE_NAME:


							WriteConsole: [SC] ControlServ


							WriteConsole: [SC] OpenService


									WriteConsole: [SC] CreateServi


									"C:\Users\Lwezjcse\AppData\Local\Temp\is-FIOBK.tmp\dcc5a4202d3508d7adf64912dafd32a92bba3a07_0009245800.tmp" /SL5="$50084,8702699,121344,c:\users\user\downloads\dcc5a4202d3508d7adf64912dafd32a92bba3a07_0009245800"

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Agent.GTA

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Asyl Ransomware

MgBot Backdoor

Santa Airdrop Scam

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...