Zero‑Dwell Threat Intelligence Report
Executive Overview — What We’re Dealing With
This specimen has persisted long enough to matter. Human experts classified it as Malware, and the telemetry confirms a capable, evasive Trojan with real impact potential.
Extended Dwell Time Impact
For 7+ hours, this malware remained undetected — a several-hour window that allowed the adversary to complete initial compromise and begin early-stage persistence establishment.
Comparative Context
Industry studies report a median dwell time closer to 21–24 days. This case represents rapid detection and containment within hours rather than days.
Timeline
| Time (UTC) | Event | Elapsed |
|---|---|---|
| 2025-11-05 17:26:17 UTC | First VirusTotal submission | — |
| 2025-12-03 21:09:42 UTC | Latest analysis snapshot | 28 days, 3 hours, 43 minutes |
| 2025-12-04 08:29:04 UTC | Report generation time | 28 days, 15 hours, 2 minutes |
Why It Matters
Every additional day of dwell time is not just an abstract number — it is attacker opportunity. Each day equates to more time for lateral movement, stealth persistence, and intelligence gathering.
Global Detection Posture — Who Caught It, Who Missed It
VirusTotal engines: 72. Detected as malicious: 68. Missed: 4. Coverage: 94.4%.
Detected Vendors
- Xcitium
- +67 additional vendors (names not provided)
List includes Xcitium plus an additional 67 vendors per the provided summary.
Missed Vendors
- CMC
- google_safebrowsing
- tehtris
Why it matters: if any endpoint relies solely on a missed engine, this malware can operate with zero alerts. Prevention‑first controls close that gap regardless of signature lag.
Behavioral Storyline — How the Malware Operates
Extensive network activity (40.91% of behavior) points to data exfiltration, command-and-control communications, or lateral movement capabilities. This threat is designed for persistent communication with external infrastructure.
Behavior Categories (weighted)
Weight values represent the frequency and intensity of malware interactions with specific system components. Higher weights indicate more aggressive targeting of that category. Each operation (registry access, file modification, network connection, etc.) contributes to the category’s total weight, providing a quantitative measure of the malware’s behavioral focus.
| Category | Weight | Percentage |
|---|---|---|
| Network | 3066 | 40.91% |
| System | 2967 | 39.59% |
| Registry | 777 | 10.37% |
| Threading | 558 | 7.44% |
| Device | 46 | 0.61% |
| File System | 36 | 0.48% |
| Services | 14 | 0.19% |
| Process | 12 | 0.16% |
| Com | 10 | 0.13% |
| Misc | 5 | 0.07% |
| Synchronization | 2 | 0.03% |
| Hooking | 1 | 0.01% |
| Crypto | 1 | 0.01% |
MITRE ATT&CK Mapping
- T1543.003 – persist via Windows service
- T1569.002 – persist via Windows service
- T1027.005 – contain obfuscated stackstrings
- T1016 – get socket status
- T1129 – link function at runtime on Windows
- T1083 – get file size
- T1082 – get number of processors
- T1543.003 – modify service
- T1569.002 – modify service
- T1543.003 – create service
- T1569.002 – create service
- T1543.003 – start service
- T1539 – Touches a file containing cookies, possibly for information gathering
- T1547 – Installs itself for autorun at Windows startup
- T1053 – Installs itself for autorun at Windows startup
- T1547.001 – Installs itself for autorun at Windows startup
- T1070.006 – Attempts to connect to a dead IP:Port
- T1112 – Installs itself for autorun at Windows startup
- T1070 – Attempts to connect to a dead IP:Port
- T1027 – The binary likely contains encrypted or compressed data
- T1027.002 – The binary likely contains encrypted or compressed data
- T1082 – Checks available memory
- T1071 – HTTP traffic contains suspicious features which may be indicative of malware related traffic
- T1071 – Performs HTTP requests potentially not found in PCAP.
- T1071 – Attempts to connect to a dead IP:Port
- T1095 – Generates some ICMP traffic
- T1036 – Creates files inside the system directory
- T1036 – Drops a PE file to the Windows directory (C:\Windows) and starts it
- T1036 – Drops PE files to the Windows directory (C:\Windows)
- T1497 – May sleep (evasive loops) to hinder dynamic analysis
- T1135 – Connects to many different private IPs via SMB (likely to spread or exploit)
- T1573 – Uses HTTPS
- T1095 – Downloads files from webservers via HTTP
- T1071 – Downloads files from webservers via HTTP
- T1071 – Uses HTTPS
- T1105 – Tries to download HTTP data from a sinkholed host
- T1105 – Downloads files from webservers via HTTP
Following the Trail — Network & DNS Activity
Outbound activity leans on reputable infrastructure (e.g., CDNs, cloud endpoints) to blend in. TLS sessions and HTTP calls show routine beaconing and IP‑lookup behavior that can masquerade as normal browsing.
Contacted Domains
| Domain | IP | Country | ASN/Org |
|---|---|---|---|
| www.msftncsi.com | 23.200.3.20 | United States | Akamai Technologies, Inc. |
| www.aieov.com | 76.223.54.146 | United States | Amazon.com, Inc. |
| www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com | 104.16.167.228 | United States | Cloudflare, Inc. |
Observed IPs
DNS Queries
| Request | Type |
|---|---|
| www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com | A |
| 5isohu.com | A |
| www.msftncsi.com | A |
| www.aieov.com | A |
Contacted IPs
Port Distribution
| Port | Count | Protocols |
|---|---|---|
| 137 | 1 | udp |
| 138 | 1 | udp |
| 5355 | 5 | udp |
| 53 | 11 | udp |
| 3702 | 1 | udp |
UDP Packets
| Source IP | Dest IP | Sport | Dport | Time | Proto |
|---|---|---|---|---|---|
| 192.168.56.13 | 192.168.56.255 | 137 | 137 | 7.268779993057251 | udp |
| 192.168.56.13 | 192.168.56.255 | 138 | 138 | 13.268903970718384 | udp |
| 192.168.56.13 | 224.0.0.252 | 49311 | 5355 | 9.175657033920288 | udp |
| 192.168.56.13 | 224.0.0.252 | 54881 | 5355 | 9.768437147140503 | udp |
| 192.168.56.13 | 224.0.0.252 | 55150 | 5355 | 7.203423976898193 | udp |
| 192.168.56.13 | 224.0.0.252 | 60010 | 5355 | 8.68229603767395 | udp |
| 192.168.56.13 | 224.0.0.252 | 62406 | 5355 | 7.211658954620361 | udp |
| 192.168.56.13 | 239.255.255.250 | 52252 | 3702 | 7.268941164016724 | udp |
| 192.168.56.13 | 8.8.4.4 | 54879 | 53 | 10.660374164581299 | udp |
| 192.168.56.13 | 8.8.4.4 | 58697 | 53 | 11.738003015518188 | udp |
| 192.168.56.13 | 8.8.4.4 | 62493 | 53 | 40.47065210342407 | udp |
| 192.168.56.13 | 8.8.4.4 | 62849 | 53 | 26.096127033233643 | udp |
| 192.168.56.13 | 8.8.4.4 | 63527 | 53 | 8.673166990280151 | udp |
| 192.168.56.13 | 8.8.8.8 | 54879 | 53 | 11.658406019210815 | udp |
| 192.168.56.13 | 8.8.8.8 | 57310 | 53 | 57.81487798690796 | udp |
| 192.168.56.13 | 8.8.8.8 | 58697 | 53 | 12.73716402053833 | udp |
| 192.168.56.13 | 8.8.8.8 | 62493 | 53 | 39.47120904922485 | udp |
| 192.168.56.13 | 8.8.8.8 | 62849 | 53 | 25.096806049346924 | udp |
| 192.168.56.13 | 8.8.8.8 | 63527 | 53 | 9.658137083053589 | udp |
Hunting tip: alert on unknown binaries initiating TLS to IP‑lookup services or unusual CDN endpoints — especially early in execution.
Persistence & Policy — Registry and Services
Registry and service telemetry points to policy awareness and environment reconnaissance rather than noisy persistence. Below is a compact view of the most relevant keys and handles.
Registry Opened (Top 25)
| Key |
|---|
| HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer\DisableKnownFolders |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
| HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1 |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AutodialDLL |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
| HKEY_LOCAL_MACHINE\System\Setup |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService\AuthenticationCapabilities |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
Registry Set (Top 25)
| Key | Value |
|---|---|
| Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable | 0 |
| Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings | F |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix | Cookie: |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix | Visited: |
| {32758FDB-7341-4028-ABD1-8CDDA3E25E4E}\WpadDecisionReason | 1 |
| {32758FDB-7341-4028-ABD1-8CDDA3E25E4E}\WpadDecisionTime | (binary value, not rendered as text) |
| {32758FDB-7341-4028-ABD1-8CDDA3E25E4E}\WpadDecision | 0 |
| {32758FDB-7341-4028-ABD1-8CDDA3E25E4E}\WpadNetworkName | Network 2 |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\mssecsvc2.0\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\mssecsvc2.0\ImagePath | C:\Users\<USER>\Downloads\56136dca6415dc3ab643fd2203d7c841ed9310de9a291a3358881b564ebe4dd7.exe -m security |
Services Started (Top 15)
| Service |
|---|
| mssecsvc2.0 |
| WSearch |
Services Opened (Top 15)
| Service |
|---|
| VaultSvc |
What To Do Now — Practical Defense Playbook
- Contain unknowns: block first‑run binaries by default — signatures catch up, containment works now.
- EDR controls: alert on keyboard hooks, screen capture APIs, VM/sandbox checks, and command‑shell launches.
- Registry watch: flag queries/sets under policy paths (e.g., …\FipsAlgorithmPolicy\*).
- Network rules: inspect outbound TLS to IP‑lookup services and unexpected CDN endpoints.
- Hunt broadly: sweep endpoints for the indicators above and quarantine positives immediately.
Dwell time equals attacker opportunity. Reducing execution privileges and egress shrinks that window even when vendors disagree.
