File Name:   PCOptimizerProInstaller.exe
SHA1:   1f1b808836ab6e710e3fd40f12501960dbce6538
MD5:   ae99842b7c378bfd833b63b894e4ff43
First Seen Date:  2017-06-07 21:51:36.587690
Number of Clients Seen:   5
Last Analysis Date:  2018-10-23 15:41:31.517965
Human Expert Analysis Date:  2018-10-23 15:41:31.384129
Human Expert Analysis Result:   PUA
Analysis Summary
Analysis Type | Date | Verdict |
---|---|---|
Signature Based Detection | 2018-10-23 15:41:31.517965 | Malware |
Static Analysis Overall Verdict | 2018-10-23 15:41:31.517965 | No Threat Found |
Dynamic Analysis Overall Verdict | 2018-10-23 15:41:31.517965 | No Threat Found |
Precise Detectors Overall Verdict | 2018-10-23 15:41:31.517965 | No Match |
Human Expert Analysis Overall Verdict | 2018-10-23 15:41:31.384129 | PUA |
Static Analysis
Static Analysis Overall Verdict:   No Threat Found
Detector | Result |
---|---|
Optional Header LoaderFlags field is valued illegal | Clean |
Non-ascii or empty section names detected | Clean |
Illegal size of optional Header | Clean |
Packer detection on signature database | Unknown |
Based on the sections entropy check! file is possibly packed | Clean |
Timestamp value suspicious | Clean |
Header Checksum is zero! | Clean |
Entry point is outside the 1st(.code) section! Binary is possibly packed | Clean |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean |
Anti-vm present | Clean |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Suspicious |
TLS callback functions array detected | Clean |
Dynamic Analysis
Dynamic Analysis Overall Verdict:   No Threat Found
Suspicious Behaviors | |
---|---|
Creates a child process | |
Writes to address space of another process | |
Uses a function clandestinely | |
Reads memory of another process | |
Opens a file in a system directory | |
Has no visible windows |
Behavioral Information
Local\MSCTF.Asm.MutexDefault1
DefaultTabtip-MainUI
C:\Users\win7\AppData\Local\Temp\PCOptimizerProSetup_STD64.exe
C:\Users\win7\AppData\Local\Temp\nsl6211.tmp\NSISCallURL.dll
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\syswow64\MSCTF.dll
C:\Windows\syswow64\USER32.dll
C:\Windows\system32\RichEd20.DLL
C:\Users\win7\AppData\Local\Tem
DnsCacheEntries
DisableKeepAlive
isains
CacheMode
ProxyHttp1.1
DisableBasicOverClearChannel
DisableBranchCache
ScavengeCacheLowerBound
CertCacheNoValidate
IdnEnabled
LeashLegacyCookies
Plane16
MaxConnectionsPer1_0Server
Plane14
Plane15
Plane12
Plane13
Plane10
Plane11
MaxConnectionsPerProxy
DnsCacheTimeout
UseFirstAvailable
FrameMerging
SendTimeOut
ProxyOverride
WpadSearchAllDomains
DefaultConnectionSettings
Plane4
Plane5
Plane6
Plane7
BadProxyExpiresTime
Plane2
Plane3
HttpDefaultExpiryTimeSecs
FromCacheTimeout
Plane8
Plane9
ProxyEnable
SendExtraCRLF
DisableNTLMPreAuth
ShareCredsWithWinHttp
SocketSendBufferLength
ReceiveTimeOut
WarnOnPost
EnforceP3PValidity
ServerInfoTimeout
ConnectTimeOut
AlwaysDrainOnRedirect
WarnOnZoneCrossing
DontUseDNSLoadBalancing
EnableSpdyDebugAsserts
SecureProtocols
WarnAlwaysOnPost
AutoConfigURL
WpadOverride
PreConnectLimit
SavedLegacySettings
MaxConnectionsPerServer
TcpAutotuning
TabProcGrowth
EnableNegotiate
WarnOnBadCertRecving
EnableHttp1_1
SocketReceiveBufferLength
ClientAuthBuiltInUI
FtpDefaultExpiryTimeSecs
ScavengeCacheFileLimit
SyncMode5
CombineFalseStartData
Plane1
DnsCacheEnabled
DisableReadRange
DisableFalseStartBlocklist
ConnectRetries
SqmHttpStreamRandomUploadPoolSize
WarnOnPostRedirect
Disable
FrameTabWindow
MaxHttpRedirects
DataFilePath
AutoDetect
SystemSetupInProgress
AutoProxyDetectType
SessionMerging
ScavengeCacheFileLifeTime
FEATURE_CLIENTAUTHCERTFILTER
KeepAliveTimeout
WarnOnHTTPSToHTTPRedirect
PreResolveLimit
ProgramFilesDir
ProxyServer
DuoProtocols
AdminTabProcs
{"Reserved": "0", "hKey": "2d4", "lpData": "97bc98", "dwType": "3", "lpValueName": "SavedLegacySettings", "cbData": "b8"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "VersionMinor", "cbData": "8"}
{"Reserved": "0", "hKey": "368", "lpData": "29bf6a8", "dwType": "4", "lpValueName": "ProxyEnable", "cbData": "4"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "", "cbData": "35"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "VersionMajor", "cbData": "8"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "DisplayName", "cbData": "11"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "Publisher", "cbData": "17"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "InstallLocation", "cbData": "22"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "Lang", "cbData": "3"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "UninstallString", "cbData": "2d"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "HelpLink", "cbData": "2d"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "MinorVersion", "cbData": "8"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "URLInfoAbout", "cbData": "3e"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "MajorVersion", "cbData": "8"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "DisplayVersion", "cbData": "8"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "LNID", "cbData": "2"}
{"Reserved": "0", "hKey": "240", "lpData": "40a370", "dwType": "1", "lpValueName": "DisplayIcon", "cbData": "35"}
{"h_key": "80000002", "samDesired": "102", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "<NULL>", "phkResult": "29bff70", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\PCOptimizerPro.exe"}
{"h_key": "80000001", "samDesired": "102", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "<NULL>", "phkResult": "29bff70", "lpSubKey": "Software\\PC Optimizer Pro"}
{"h_key": "80000002", "samDesired": "102", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "<NULL>", "phkResult": "29bff70", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\PC Optimizer Pro"}
{"h_key": "80000001", "samDesired": "20006", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "29bf6ac", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"h_key": "80000001", "samDesired": "2001f", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "<NULL>", "phkResult": "267fc08", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad"}
{"h_key": "80000001", "samDesired": "1", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "29bf690", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"h_key": "80000001", "samDesired": "1", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "29bf58c", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"h_key": "80000001", "samDesired": "2", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "29bf64c", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"h_key": "80000001", "samDesired": "2001f", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "29bf7c0", "dwOptions": "0", "lpClass": "<NULL>", "phkResult": "29bf7c4", "lpSubKey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"h_key": "80000001", "samDesired": "1", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "29bf6ac", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"dwCreationDisposition": "2", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\nsl6211.tmp\\modern-header.bmp", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "1", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\nsl6211.tmp\\System.dll", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "2", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\nsl6211.tmp\\modern-wizard.bmp", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\Downloads\\desktop.ini", "dwDesiredAccess": "80000000", "dwShareMode": "7"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\Contacts\\desktop.ini", "dwDesiredAccess": "80000000", "dwShareMode": "7"}
{"dwCreationDisposition": "2", "path": "C:\\Users\\Public\\Desktop\\PC Optimizer Pro.lnk", "dwDesiredAccess": "c0000000", "dwShareMode": "3"}
{"dwCreationDisposition": "4", "path": "C:\\Users\\win7\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat", "dwDesiredAccess": "c0000000", "dwShareMode": "3"}
{"dwCreationDisposition": "3", "path": "\\\\.\\Nsi", "dwDesiredAccess": "0", "dwShareMode": "3"}
{"dwCreationDisposition": "2", "path": "C:\\Program Files\\PC Optimizer Pro\\Languages\\EN.xml", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\Fonts\\staticcache.dat", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"dwCreationDisposition": "3", "path": "C:\\Program Files\\PC Optimizer Pro\\PCOptimizerPro.exe", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\Searches\\desktop.ini", "dwDesiredAccess": "80000000", "dwShareMode": "7"}
{"dwCreationDisposition": "2", "path": "C:\\Program Files\\PC Optimizer Pro\\PCOptProTrays.exe", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\Favorites\\desktop.ini", "dwDesiredAccess": "80000000", "dwShareMode": "7"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\nsl6211.tmp\\modern-header.bmp", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "2", "path": "C:\\Program Files\\PC Optimizer Pro\\PCOptProCtxMenu.dll", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\AppData\\Local", "dwDesiredAccess": "100081", "dwShareMode": "7"}
{"dwCreationDisposition": "2", "path": "C:\\Program Files\\PC Optimizer Pro\\uninst.exe", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7", "dwDesiredAccess": "100081", "dwShareMode": "7"}
{"dwCreationDisposition": "1", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\nsl6211.tmp\\NSISCallURL.dll", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Program Files", "dwDesiredAccess": "100081", "dwShareMode": "7"}
{"dwCreationDisposition": "3", "path": "\\\\.\\PIPE\\wkssvc", "dwDesiredAccess": "c0000000", "dwShareMode": "3"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\Videos\\desktop.ini", "dwDesiredAccess": "80000000", "dwShareMode": "7"}
{"dwCreationDisposition": "2", "path": "C:\\Program Files\\PC Optimizer Pro\\Languages\\IT.xml", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "\\\\.\\PIPE\\srvsvc", "dwDesiredAccess": "c0000000", "dwShareMode": "3"}
{"dwCreationDisposition": "2", "path": "C:\\Program Files\\PC Optimizer Pro\\PCOptimizerPro.exe", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "2", "path": "C:\\Program Files\\PC Optimizer Pro\\Languages\\DE.xml", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "2", "path": "C:\\Users\\win7\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\PC Optimizer Pro.lnk", "dwDesiredAccess": "c0000000", "dwShareMode": "3"}
{"dwCreationDisposition": "2", "path": "C:\\Program Files\\PC Optimizer Pro\\Languages\\ES.xml", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\AppData", "dwDesiredAccess": "100081", "dwShareMode": "7"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\PCOptimizerProSetup_STD64.exe", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "2", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\nsv6200.tmp", "dwDesiredAccess": "c0000000", "dwShareMode": "0"}
{"dwCreationDisposition": "2", "path": "C:\\Program Files\\PC Optimizer Pro\\StartApps.exe", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "2", "path": "C:\\Program Files\\PC Optimizer Pro\\Languages\\FR.xml", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "\\??\\C:\\Windows\\System32\\shdocvw.dll", "dwDesiredAccess": "80", "dwShareMode": "7"}
{"dwCreationDisposition": "3", "path": "C:\\", "dwDesiredAccess": "100081", "dwShareMode": "7"}
{"dwCreationDisposition": "1", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\nsl6211.tmp\\GetVersion.dll", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "1", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\nsl6211.tmp\\LangDLL.dll", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\Links\\desktop.ini", "dwDesiredAccess": "80000000", "dwShareMode": "7"}
{"dwCreationDisposition": "3", "path": "C:\\Program Files\\PC Optimizer Pro\\PCOptimizerPro.exe", "dwDesiredAccess": "80", "dwShareMode": "7"}
{"dwCreationDisposition": "3", "path": "C:\\Program Files\\PC Optimizer Pro", "dwDesiredAccess": "100081", "dwShareMode": "7"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\desktop.ini", "dwDesiredAccess": "80000000", "dwShareMode": "7"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\system32\\rsaenh.dll", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\nsl6211.tmp\\modern-wizard.bmp", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Users", "dwDesiredAccess": "100081", "dwShareMode": "7"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "dwDesiredAccess": "80000000", "dwShareMode": "3"}
{"dwCreationDisposition": "2", "path": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\PC Optimizer Pro\\PC Optimizer Pro.lnk", "dwDesiredAccess": "c0000000", "dwShareMode": "3"}
{"dwCreationDisposition": "1", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\nsl6211.tmp\\nsDialogs.dll", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\Saved Games\\desktop.ini", "dwDesiredAccess": "80000000", "dwShareMode": "7"}
{"dwCreationDisposition": "3", "path": "C:\\Program Files\\desktop.ini", "dwDesiredAccess": "80000000", "dwShareMode": "7"}
{"dwCreationDisposition": "2", "path": "C:\\Program Files\\PC Optimizer Pro\\UpdatesDll_s.dll", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "2", "path": "C:\\Program Files\\PC Optimizer Pro\\data.xml", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_MIME_HANDLING"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_SCH_SEND_AUX_RECORD_KB_2618444"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\PeerDist\\Service"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "3f0", "phkResult": "0", "lpSubKey": "{35B2A6E5-E669-426E-AFB6-1C7A607735EF}"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_DIGEST_NO_EXTRAS_IN_URI"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_BUFFERBREAKING_818408"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "220", "phkResult": "0", "lpSubKey": "MS Shell Dlg"}
{"hKey": "20c", "phkResult": "0", "lpSubKey": "MS Shell Dlg 2"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_HTTP_USERNAME_PASSWORD_DISABLE"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "SOFTWARE\\PC Optimizer Pro"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_USE_CNAME_FOR_SPN_KB911149"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "System\\Setup"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "RETRY_HEADERONLYPOST_ONCONNECTIONRESET"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\PCOptimizerPro.exe"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "system\\CurrentControlSet\\control\\NetworkProvider\\HwOrder"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_INCLUDE_PORT_IN_SPN_KB908209"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service"}
{"hKey": "2dc", "phkResult": "0", "lpSubKey": "FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\OLEAUT"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Setup"}
{"nNumberOfBytesToWrite": "305", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2d21", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "1bae", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "18f558", "hFile": "214"}
{"nNumberOfBytesToWrite": "388", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "514a", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fc84", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "5a25", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "1d68", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "29bfdb4", "hFile": "1c"}
{"nNumberOfBytesToWrite": "1ff0", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "6fd5", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "3c7a", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "7751", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "fe9", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "56e6", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "6e37", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2556", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "545a", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "434e", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "5483", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "5449", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "4cfa", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2600", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "29bfdb4", "hFile": "1c"}
{"nNumberOfBytesToWrite": "734c", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "4064", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "369b", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "767f", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "4ad4", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "3800", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "29bfdb4", "hFile": "1c"}
{"nNumberOfBytesToWrite": "31e8", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "5d76", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "f400", "lpOverlapped": "0", "lpBuffer": "985fd8", "lpNumberOfBytesWritten": "29bff60", "hFile": "240"}
{"nNumberOfBytesToWrite": "5b", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "26da", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "3fc2", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "271b", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2029", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "396", "lpOverlapped": "0", "lpBuffer": "97d7fc", "lpNumberOfBytesWritten": "29bf90c", "hFile": "2a8"}
{"nNumberOfBytesToWrite": "e19", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "246c", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "1c45", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "fa0", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "5ba8", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "74b7", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "1f8", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "6225", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2400", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "29bfdb4", "hFile": "240"}
{"nNumberOfBytesToWrite": "428a", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "42bd", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "1b1e", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "92c", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "1dcd", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2983", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "5e62", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "4d6a", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "4000", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "18f8f0", "hFile": "214"}
{"nNumberOfBytesToWrite": "5521", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "7a28", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "6386", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "52c0", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "31f3", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2a63", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "56c0", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "6481", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "403e", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "3765", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "b73", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "5cb3", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "7a0", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "29bfdb4", "hFile": "240"}
{"nNumberOfBytesToWrite": "1e2", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "1a00", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "18fbfc", "hFile": "1e4"}
{"nNumberOfBytesToWrite": "243e", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "417c", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "5129", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "cee", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "8000", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fc84", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2ed5", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "5bbc", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "503c", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "ff5", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "440", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "29bfdb4", "hFile": "240"}
{"nNumberOfBytesToWrite": "790f", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "60b0", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "18df", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "609b", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2190", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "1da3", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "29bfdb4", "hFile": "240"}
{"nNumberOfBytesToWrite": "8e3", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2631", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "64e", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "43b6", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "489b", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fc84", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "4c7d", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "61b5", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "4169", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "323f", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2c00", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "18f8f8", "hFile": "220"}
{"nNumberOfBytesToWrite": "1600", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "18fbfc", "hFile": "1f8"}
{"nNumberOfBytesToWrite": "3fbd", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2b91", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "254d", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "65c7", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "49f4", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "37fc", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "60dd", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "5dd2", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "4764", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2da6", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "2968", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "29bfdb4", "hFile": "1c"}
{"nNumberOfBytesToWrite": "3154", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "cdf", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "4fa0", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "3ae", "lpOverlapped": "0", "lpBuffer": "97d7fc", "lpNumberOfBytesWritten": "29bf90c", "hFile": "2b0"}
{"nNumberOfBytesToWrite": "4ae7", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "24f4", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "1a39", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "47d2", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "6480", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "58da", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "5824", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "3f3f", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "5a14", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "4c26", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "1ea1", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "4000", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "18f558", "hFile": "214"}
{"nNumberOfBytesToWrite": "2fc7", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "29bfdb4", "hFile": "240"}
{"nNumberOfBytesToWrite": "7ebf", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "5754", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "4de5", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "6a72", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "21cc", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "394", "lpOverlapped": "0", "lpBuffer": "97d7fc", "lpNumberOfBytesWritten": "29bf90c", "hFile": "2a8"}
{"nNumberOfBytesToWrite": "4000", "lpOverlapped": "0", "lpBuffer": "413040", "lpNumberOfBytesWritten": "29bfdb4", "hFile": "240"}
{"nNumberOfBytesToWrite": "275a", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "57ec", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
{"nNumberOfBytesToWrite": "18f4", "lpOverlapped": "0", "lpBuffer": "40b040", "lpNumberOfBytesWritten": "18fbc8", "hFile": "1e0"}
/s "C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll"
regsvr32.exe /s "C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll"
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll
ADVAPI32.dll
propsys.dll
ntmarta.dll
SHELL32.dll
C:\Windows\System32\shdocvw.dll
PROPSYS.dll
OLEAUT32.dll
comctl32.dll
UxTheme.dll
C:\Windows\system32\ole32.dll
C:\Windows\syswow64\MSCTF.dll
OLEAUT32.DLL
C:\Users\win7\AppData\Local\Temp\nsl6211.tmp\GetVersion.dll
C:\Users\win7\AppData\Local\Temp\nsl6211.tmp\LangDLL.dll
RichEd20
C:\Users\win7\AppData\Local\Temp\nsl6211.tmp\nsDialogs.dll
C:\Users\win7\AppData\Local\Temp\nsl6211.tmp\System.dll
USP10.dll
msls31.dll
IMM32.dll
C:\Windows\system32\shell32.dll
USER32.dll
ntshrui.dll
srvcli.dll
cscapi.dll
slc.dll
SHLWAPI.dll
C:\Users\win7\AppData\Local\Temp\nsl6211.tmp\NSISCallURL.dll
C:\Users\win7\AppData\Local\Temp\nsl6211.tmp\NSISCallURLENU.dll
C:\Users\win7\AppData\Local\Temp\nsl6211.tmp\NSISCallURLLOC.dll
API-MS-Win-Security-SDDL-L1-1-0.dll
WS2_32.dll
Secur32.dll
api-ms-win-downlevel-advapi32-l2-1-0.dll
api-ms-win-downlevel-ole32-l1-1-0.dll
winhttp.dll
IPHLPAPI.DLL
api-ms-win-downlevel-shlwapi-l2-1-0.dll
DNSAPI.dll
ole32.dll
dhcpcsvc.DLL
API-MS-Win-Security-LSALookup-L1-1-0.dll
CRYPTBASE.dll
C:\Users\win7\AppData\Local\Temp\nsq61E0.tmp
C:\Users\win7\AppData\Local\Temp\nsl6211.tmp
Precise Detectors Analysis Results
Detector Name | Date | Verdict | Reason |
---|---|---|---|
Uninstaller FP Detector | 2017-06-07 21:50:58.422504 | No Match | No match. |
Yara Rule Static Malware Detector | 2017-06-07 21:50:58.531274 | No Match | No match. |
Static Precise PUA Detector 1 | 2017-06-07 21:50:58.439185 | No Match | NotDetected |
Static Precise Virus Detector | 2017-06-07 21:50:58.446032 | No Match | NotDetected |
Static Precise Trojan Detector | 2017-06-07 21:50:58.444887 | No Match | NotDetected |
Malicious Url Detector | 2017-06-07 21:51:36.529300 | No Match | No match. |
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date: 2018-10-23 10:37:22.587932
Analysis End Date: 2018-10-23 15:41:31.384129
File Upload Date: 2018-10-23 07:37:07.474927
Update Date: 2018-10-23 15:41:31.417118
Human Expert Analyst Feedback:  
Verdict:   PUA
Malware Family:  
Additional File Information
Property | Value |
---|---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|