HTTP request contains Base64 encoded artifacts
Heuristic match: "/rpinst/log.txt?action=wrapper_started&value=0&version=7.5.0.16&distcode=T10END02&li=en&os=|SP1|en"
Heuristic match: "User-Agent:RealPlayerStub/7.5.0.16"

Opens the MountPointManager (often used to detect additional infection locations)

"rnsetup0.exe" monitors "\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\rnsetup0_RASMANCS" (Filter: 14)
"rnsetup0.exe" monitors "\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\rnsetup0_RASAPI32" (Filter: 14)
"rnsetup0.exe" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5" (Filter: 1)
"rnsetup0.exe" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9" (Filter: 1)
"" monitors "\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\RealTimes-RealPlayer_RASMANCS" (Filter: 14)
"" monitors "\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\RealTimes-RealPlayer_RASAPI32" (Filter: 14)
"" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5" (Filter: 1)
"" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9" (Filter: 1)
"" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder" (Filter: 4)

Multiple malicious artifacts seen in the context of different hosts
Found malicious artifacts related to "2.16.106.170" (ASN:, Owner: ).